Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 14 Nov 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects. | |
Title | Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies | |
Weaknesses | CWE-285 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-11-14T11:32:32.600Z
Updated: 2024-11-14T14:10:46.880Z
Reserved: 2022-05-25T23:31:47.418Z
Link: CVE-2022-31666
Vulnrichment
Updated: 2024-11-14T14:10:33.543Z
NVD
Status : Awaiting Analysis
Published: 2024-11-14T12:15:16.083
Modified: 2024-11-15T13:58:08.913
Link: CVE-2022-31666
Redhat
No data.