CVE-2022-31666

Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies

Description

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.

INFO

Published Date :

2024-11-14T11:32:32.600Z

Last Modified :

2024-11-14T14:10:46.880Z

Source :

vmware

AFFECTED PRODUCTS

The following products are affected by CVE-2022-31666 vulnerability.

Vendors	Products
Goharbor	Harbor

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-31666.

URL	Resource
https://github.com/goharbor/harbor/security/advisories/GHSA-8hwq-5f22-jfr3

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact