
High severity vulnerabilities found in Harbor open-source artifact registry
2022-09-19 09:54

Oxeye security researchers have uncovered several new high-severity variants of IDOR (insecure direct object reference) vulnerabilities in Harbor, the popular open-source artifact registry by VMware and a CNCF-graduated project.

Harbor is an open-source cloud native registry project that stores, signs, and scans content.

The IDOR vulnerability in Harbor leads to the disclosure of webhook policies without authorization.

Harbor allows users to configure webhook policies to receive notifications about certain events in the repository, e.g., when a new artifact is pushed or when an existing one is deleted.

The vulnerability occurred because Harbor only attempted to validate that the requesting user had access to the project ID specified in the request.
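The root cause described above, as an added Go example that is not Harbor's code: a project-only authorization check beside a version that also binds the requested policy to that project. The types, function names, and sample data are hypothetical, and the ownership comparison is an assumed remediation pattern, not a description of Harbor's actual patch.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model, not Harbor's types: a webhook policy owned by one project.
type Policy struct {
	ID, ProjectID int
	Target        string
}

var ErrForbidden, ErrNotFound = errors.New("forbidden"), errors.New("not found")
// Constructed sample data: alice is a member of project 1 only.
var members = map[string]map[int]bool{"alice": {1: true}}
var policies = map[int]Policy{
	10: {ID: 10, ProjectID: 1, Target: "https://hooks.example/team-a"},
	20: {ID: 20, ProjectID: 2, Target: "https://hooks.example/team-b"},
}

// getPolicyProjectOnly mirrors the flaw: it authorizes the project ID from the
// request but never ties the requested policy ID to that project.
func getPolicyProjectOnly(user string, projectID, policyID int) (Policy, error) {
	if !members[user][projectID] {
		return Policy{}, ErrForbidden
	}
	p, ok := policies[policyID]
	if !ok {
		return Policy{}, ErrNotFound
	}
	return p, nil
}

// getPolicyBound adds the ownership check. A mismatch returns ErrNotFound so
// the response does not confirm that the policy exists in another project.
func getPolicyBound(user string, projectID, policyID int) (Policy, error) {
	p, err := getPolicyProjectOnly(user, projectID, policyID)
	if err == nil && p.ProjectID != projectID {
		return Policy{}, ErrNotFound
	}
	return p, err
}

func main() {
	_, weak := getPolicyProjectOnly("alice", 1, 20)
	_, fixed := getPolicyBound("alice", 1, 20)
	fmt.Println("project-only:", weak, "| bound:", fixed)
}
```

A regression test for this class of bug needs two projects and a user who belongs to only one of them; single-project test fixtures cannot exercise the cross-project path.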

All IDOR variants mentioned in this announcement have been communicated to the VMware Security Response and Harbor Engineering teams, who promptly collaborated towards a quick and effective resolution.


News URL

https://www.helpnetsecurity.com/2022/09/19/vulnerabilities-harbor-open-source-artifact-registry/