CVE-2022-31668
CVSS V2 None
CVSS V3 None
Description
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.
Overview
- CVE ID
- CVE-2022-31668
- Assigner
- vmware
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-14T11:56:31.043Z
- Last Modified Date
- 2024-11-14T19:33:24.795Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/goharbor/harbor/security/advisories/GHSA-3wpx-625q-22j7 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-31668 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31668 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-15 12:04:49 | Added to TrackCVE |