CVE-2022-31666
published 2024-11-14

CVE-2022-31666: Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users…

Priority: P4 (30) | Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.49% (38.5th percentile)
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| github.com | goharbor_harbor | >= 1.0.0 < 1.10.13 | 1.10.13 |
| github.com | goharbor_harbor | >= 2.0.0 < 2.4.3 | 2.4.3 |
| github.com | goharbor_harbor | >= 2.5.0 < 2.5.2 | 2.5.2 |
| linuxfoundation | harbor | | |
| linuxfoundation | harbor | >= 2.0.0 < 2.4.3 | 2.4.3 |
| linuxfoundation | harbor | >= 2.5.0 < 2.5.2 | 2.5.2 |