CVE-2022-31666

Source
https://cve.org/CVERecord?id=CVE-2022-31666
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31666.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31666
Aliases
Published
2024-11-14T11:32:32.600Z
Modified
2026-07-08T06:03:55.109146023Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
Summary
Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies
Details

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "Harbor 2.x<=2.4.2; 2.5<=2.5.1"
                },
                {
                    "last_affected": "Harbor 2.x<=2.4.2; 2.5<=2.5.1"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31666.json",
    "cwe_ids": [
        "CWE-285"
    ],
    "cna_assigner": "vmware"
}
References

Affected packages

Git / github.com/goharbor/harbor

Affected ranges

Type
GIT
Repo
https://github.com/goharbor/harbor
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.4.3"
        },
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.2"
        }
    ]
}

Affected versions

v2.*
v2.5.0
v2.5.0-rc4
v2.5.1
v2.5.1-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31666.json"