High Severity IDOR Bugs in CNCF ‘Harbor’ Project by VMware

Oxeye, the provider of award-winning cloud-native application security, today announced that its security researchers have uncovered several new high severity variants of the IDOR (Insecure Direct Object Reference) vulnerabilities in CNCF-graduated project Harbor, the popular open-source artifact registry by VMware. Harbor is an open-source cloud native registry project that stores, signs and scans content. It […]

Open-source software usage slowing down for fear of vulnerabilities, exposures, or risks

Anaconda released its annual 2022 State of Data Science report, revealing the widespread trends, opportunities, and perceived blockers facing the data science, machine learning (ML), and artificial intelligence (AI) industries. The global study targeted the open-source community through three cohorts of academics, industry professionals, and students. While open-source software was created by and for developers, […]

High severity vulnerabilities found in Harbor open-source artifact registry

Oxeye security researchers have uncovered several new high severity variants of the IDOR (Insecure Direct Object Reference) vulnerabilities (CVE-2022-31671, CVE-2022-31666, CVE-2022-31670, CVE-2022-31669, CVE-2022-31667) in CNCF-graduated project Harbor, the popular open-source artifact registry by VMware. Harbor is an open-source cloud native registry project that stores, signs, and scans content. It can integrate with various Docker registries […]

Most critical security gaps in the public cloud

Orca Security released the 2022 State of the Public Cloud Security Report, which provides important insights into the current state of public cloud security and where the most critical security gaps are found. One of the report’s key findings is that the average attack path is only 3 steps away from a crown jewel asset, […]
