Description

Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.  By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.

INFO

Published Date :

2024-11-14T11:50:48.289Z

Last Modified :

2024-11-14T14:11:06.110Z

Source :

vmware
AFFECTED PRODUCTS

The following products are affected by CVE-2022-31667 vulnerability.

Vendors Products
Linuxfoundation
  • Harbor
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-31667.

URL Resource
https://github.com/goharbor/harbor/security/advisories/GHSA-xx9w-464f-7h6f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact