PT-2024-11562 · Harbor · Harbor

Published 2024-11-14 · Updated 2024-12-18 · CVE-2022-31668

CVSS v3.1: 7.7 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Harbor (affected versions not specified)

Description

The issue arises from Harbor's failure to validate user permissions when updating p2p preheat policies. An attacker can modify p2p preheat policies in other projects by sending a request to update a policy with an id belonging to a project the authenticated user doesn't have access to.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
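
The missing check from the description, as an added Go example that is not Harbor's code and not part of the original advisory. It assumes a handler that authorizes the project named in the request but loads the policy by ID alone; every type, function and data value here is hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins, not Harbor's own types.
type Policy struct {
	ProjectID int64
	Name      string
}
type Store struct {
	policies map[int64]*Policy         // keyed by policy ID
	canEdit  map[string]map[int64]bool // user -> projects the user may manage
}

var ErrForbidden, ErrNotFound = errors.New("forbidden"), errors.New("policy not found")

// NewSampleStore returns constructed data: alice manages project 1 only.
func NewSampleStore() *Store {
	return &Store{
		policies: map[int64]*Policy{10: {1, "alice-policy"}, 20: {2, "bob-policy"}},
		canEdit:  map[string]map[int64]bool{"alice": {1: true}, "bob": {2: true}},
	}
}

// Update authorizes the project named in the request, then loads the policy by ID.
// With bind=false (the flawed pattern) the policy's own project is never compared;
// with bind=true a policy from another project is treated as not found.
func (s *Store) Update(user string, project, id int64, name string, bind bool) error {
	if !s.canEdit[user][project] {
		return ErrForbidden
	}
	p, ok := s.policies[id]
	if !ok || (bind && p.ProjectID != project) {
		return ErrNotFound
	}
	p.Name = name
	return nil
}

func main() {
	for _, bind := range []bool{false, true} {
		s := NewSampleStore()
		err := s.Update("alice", 1, 20, "changed", bind) // policy 20 is in project 2
		fmt.Printf("bind=%v err=%v policy20=%q\n", bind, err, s.policies[20].Name)
	}
}
```

Returning the same error for a foreign policy as for a missing one keeps the response from revealing which policy IDs exist in other projects.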

Weakness Enumeration

Incorrect Authorization
Improper Authorization

Related Identifiers

BIT-HARBOR-2022-31668
CVE-2022-31668
GHSA-3WPX-625Q-22J7
GHSA-R864-28PW-8682
GO-2024-3268
OPENSUSE-SU-2024:14599-1

Affected Products

Harbor