CVE-2022-31666

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31666

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31666.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-31666

Aliases

GHSA-8hwq-5f22-jfr3
GHSA-jf8p-3vjh-pq94

Published

2024-11-14T12:15:16Z

Modified

2025-03-01T08:57:16.203729Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.

References

https://github.com/goharbor/harbor/security/advisories/GHSA-8hwq-5f22-jfr3

Affected packages

Git / github.com/goharbor/harbor

Affected ranges

Type: GIT
Repo: https://github.com/goharbor/harbor
Events: Introduced

d0f3ddddab96f25b7c2de18e7aebf8f79c7b19cc

Fixed

85ef1409cba206582b1b6947c888bdbe6d5747d3