CVE-2022-31669
CVSS V2 None
CVSS V3 None
Description
Harbor fails to validate the user permissions when updating tag immutability policies.
By sending a request to update a tag immutability policy with an id that belongs to a
project that the currently authenticated user doesn’t have access to, the attacker could
modify tag immutability policies configured in other projects.
Overview
- CVE ID
- CVE-2022-31669
- Assigner
- vmware
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-14T11:48:03.444Z
- Last Modified Date
- 2024-11-14T11:48:03.444Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/goharbor/harbor/security/advisories/GHSA-8c6p-v837-77f6 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-31669 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31669 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-15 12:04:48 | Added to TrackCVE |