CVE-2022-31670
CVSS V2 None
CVSS V3 None
Description
Harbor fails to validate the user permissions when updating tag retention policies.
By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify
tag retention policies configured in other projects.
Overview
- CVE ID
- CVE-2022-31670
- Assigner
- vmware
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-14T11:45:22.257Z
- Last Modified Date
- 2024-11-14T14:09:48.571Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/goharbor/harbor/security/advisories/GHSA-3637-v6vq-xqqw |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-31670 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31670 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-15 12:04:50 | Added to TrackCVE |