CVE-2022-31666

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-31666
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.

7.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/goharbor/harbor/security/advisories/GHSA-8hwq-5f22-jfr3
Configurations

No configuration.

History

15 Nov 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Harbor no puede validar los permisos de los usuarios al eliminar políticas de Webhook, lo que permite que usuarios malintencionados vean, actualicen y eliminen políticas de Webhook de otros usuarios. El atacante podría modificar políticas de Webhook configuradas en otros proyectos.

14 Nov 2024, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-14 12:15

Updated : 2024-11-15 13:58

NVD link : CVE-2022-31666

Mitre link : CVE-2022-31666

CVE.ORG link : CVE-2022-31666

JSON object : View

Products Affected

No product.

CWE
CWE-285

Improper Authorization


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024