Harbor fails to validate the user permissions when updating tag immutability policies.  By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects.
History

Tue, 19 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Linuxfoundation
Linuxfoundation harbor
Weaknesses CWE-863
CPEs cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation
Linuxfoundation harbor

Thu, 14 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
Description Harbor fails to validate the user permissions when updating tag immutability policies.  By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects.
Title Harbor fails to validate the user permissions when updating tag immutability policies
Weaknesses CWE-285
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-11-14T11:48:03.444Z

Updated: 2024-11-15T17:30:33.229Z

Reserved: 2022-05-25T23:31:47.418Z

Link: CVE-2022-31669

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2024-11-14T12:15:16.817

Modified: 2024-11-19T15:20:01.913

Link: CVE-2022-31669

cve-icon Redhat

No data.