BIT-harbor-2022-31666

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/harbor/BIT-harbor-2022-31666.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-harbor-2022-31666

Aliases

CVE-2022-31666
GHSA-8hwq-5f22-jfr3
GHSA-jf8p-3vjh-pq94

Published

2026-01-26T14:39:52.521Z

Modified

2026-01-26T17:42:13.762381Z

Summary

Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies

Details

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / harbor

Package

Name: harbor
Purl: pkg:bitnami/harbor

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.0.0

Fixed

2.4.3

Introduced

2.5.0

Fixed

2.5.2

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/harbor/BIT-harbor-2022-31666.json"