Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.
History

Thu, 14 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 11:45:00 +0000

Type Values Removed Values Added
Description Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.
Title Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies
Weaknesses CWE-285
References
Metrics cvssV3_1 {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-11-14T11:32:32.600Z

Updated: 2024-11-14T14:10:46.880Z

Reserved: 2022-05-25T23:31:47.418Z

Link: CVE-2022-31666

Vulnrichment

Updated: 2024-11-14T14:10:33.543Z

NVD

Status: Awaiting Analysis

Published: 2024-11-14T12:15:16.083

Modified: 2024-11-15T13:58:08.913

Link: CVE-2022-31666

Redhat

No data.