HIGH🇬🇧 English

CVE-2022-31666

CVSS 7.7v3.1pub. 2024-11-14upd. 2025-02-28

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • Linuxfoundation Harbor

    APP
    Linuxfoundation
    2.0.0 – 2.4.3 (bez)2.5.0 – 2.5.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-31671HIGH7.4ten sam produkt

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat...

CVE-2022-31668HIGH7.4ten sam produkt

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to upda...

CVE-2022-31670HIGH7.7ten sam produkt

Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to ...

CVE-2022-46463HIGH7.5ten sam produkt

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image reposit...

CVE-2019-19025HIGH8.8ten sam produkt

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container R...