We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-31666

Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies



Description

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.

Reserved 2022-05-25 | Published 2024-11-14 | Updated 2024-11-14 | Assigner vmware


HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-285

References

github.com/...harbor/security/advisories/GHSA-8hwq-5f22-jfr3

cve.org (CVE-2022-31666)

nvd.nist.gov (CVE-2022-31666)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2022-31666

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.