Harbor versions prior to 2.5.2 are affected by a high-severity vulnerability, CVE-2022-31670. Because Harbor fails to validate user permissions, an attacker can modify tag retention policies in projects they don’t have access to by sending a request with a policy ID from another project. To fix this issue, update to version 2.5.2 or later. For more details, see https://nvd.nist.gov/vuln/detail/CVE-2022-31670.
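The missing check described above, shown as a flawed update path beside a corrected one. This is an added illustration, not Harbor's code: the types, function names and sample data (Policy, Store, CanEdit, alice, policy IDs 10 and 20) are hypothetical and constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model (not Harbor's types): every retention policy belongs to one project.
type Policy struct {
	ProjectID int64
	Rule      string
}

var ErrDenied = errors.New("policy not found or caller not permitted")

type Store struct {
	Policies map[int64]*Policy
	CanEdit  map[string]map[int64]bool // user -> project ID -> may edit retention
}

// UpdateUnchecked is the flawed pattern: the policy is found by ID alone and the caller is never checked.
func (s *Store) UpdateUnchecked(user string, policyID int64, rule string) error {
	if p, ok := s.Policies[policyID]; ok {
		p.Rule = rule
		return nil
	}
	return ErrDenied
}

// UpdateChecked takes the owning project from the stored policy, never from the request.
func (s *Store) UpdateChecked(user string, policyID int64, rule string) error {
	p, ok := s.Policies[policyID]
	if !ok || !s.CanEdit[user][p.ProjectID] {
		return ErrDenied // one error for both cases, so policy IDs cannot be probed
	}
	p.Rule = rule
	return nil
}

// NewSample returns constructed data: alice may edit project 1 only; policy 20 is in project 2.
func NewSample() *Store {
	return &Store{
		Policies: map[int64]*Policy{10: {1, "keep-5"}, 20: {2, "keep-10"}},
		CanEdit:  map[string]map[int64]bool{"alice": {1: true}},
	}
}

func main() {
	fmt.Println(NewSample().UpdateUnchecked("alice", 20, "keep-0"), NewSample().UpdateChecked("alice", 20, "keep-0"))
}
```

A regression test for this class of bug should always include a caller who holds permission on one project and references an object ID owned by another.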