Harbor: Unauthorized Access to Job Execution Logs

In Harbor versions 1.0.0 and above, 1.10.12 and prior, 2.0.0 and above, 2.4.2 and prior, 2.5.0 and above, 2.5.1 and prior a high severity vulnerability CVE-2022-31671 was detected. This vulnerability allows malicious authenticated users to access or modify job execution logs in Harbor by sending requests with different job IDs, exposing all logs stored in the Harbor database due to improper permission validation. To fix this issue, users need to update Harbor to version 2.5.2 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-31671.