CVE-2022-31666

EUVD-2022-6853
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
vmwareCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
linuxfoundationharbor
2.0.0 ≤
𝑥
< 2.4.3
linuxfoundationharbor
2.5.0 ≤
𝑥
< 2.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/goharbor/harbor/security/advisories/GHSA-8hwq-5f22-jfr3