Harbor fails to validate the user permissions when updating tag immutability policies.
By sending a request to update a tag immutability policy with an id that belongs to a
project that the currently authenticated user doesn’t have access to, the attacker could
modify tag immutability policies configured in other projects.
Metrics
Affected Vendors & Products
References
History
Tue, 19 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linuxfoundation
Linuxfoundation harbor |
|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linuxfoundation
Linuxfoundation harbor |
Thu, 14 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects. | |
Title | Harbor fails to validate the user permissions when updating tag immutability policies | |
Weaknesses | CWE-285 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-11-14T11:48:03.444Z
Updated: 2024-11-15T17:30:33.229Z
Reserved: 2022-05-25T23:31:47.418Z
Link: CVE-2022-31669
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-11-14T12:15:16.817
Modified: 2024-11-19T15:20:01.913
Link: CVE-2022-31669
Redhat
No data.