CVE-2022-31666

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.The attacker could modify Webhook policies configured in other projects.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
vmwareCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
linuxfoundationharbor
2.0.0 ≤
𝑥
< 2.4.3
linuxfoundationharbor
2.5.0 ≤
𝑥
< 2.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/goharbor/harbor/security/advisories/GHSA-8hwq-5f22-jfr3