Vulnerability Monitor

CVE-2022-31666


Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.


Published

2024-11-14T12:15:16.083

Last Modified

2025-02-28T22:15:21.103

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-285
  • Type: Primary
    CWE-862

Affected Vendors & Products
Type        | Vendor          | Product | Version/Range | Vulnerable?
Application | linuxfoundation | harbor  | < 2.4.3       | Yes
Application | linuxfoundation | harbor  | < 2.5.2       | Yes

References