CVE-2022-31667
CVSS V2 None
CVSS V3 None
Description
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.
By sending a request that attempts to update a robot account, and specifying a robot account ID and robot account name that belong to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.
Overview
- CVE ID: CVE-2022-31667
- Assigner: vmware
- Vulnerability Status: PUBLISHED
- Published Version: 2024-11-14T11:50:48.289Z
- Last Modified Date: 2024-11-14T14:11:06.110Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/goharbor/harbor/security/advisories/GHSA-xx9w-464f-7h6f |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-31667 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31667 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-15 12:05:24 | | | | Added to TrackCVE |