Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.
By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.
Metrics
Affected Vendors & Products
References
History
Tue, 19 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linuxfoundation
Linuxfoundation harbor |
|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linuxfoundation
Linuxfoundation harbor |
Thu, 14 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 14 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. | |
Title | Harbor fails to validate the user permissions when updating a robot account | |
Weaknesses | CWE-285 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-11-14T11:50:48.289Z
Updated: 2024-11-14T14:11:06.110Z
Reserved: 2022-05-25T23:31:47.418Z
Link: CVE-2022-31667
Vulnrichment
Updated: 2024-11-14T14:10:52.881Z
NVD
Status : Analyzed
Published: 2024-11-14T12:15:16.390
Modified: 2024-11-19T15:25:29.643
Link: CVE-2022-31667
Redhat
No data.