CVE-2022-31668
published 2024-11-14

Priority: P343
Severity: high, 7.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
EPSS: 0.30% (21.2th percentile)
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.

Affected

8 ranges
Vendor | Product | Version range | Fixed in
github.com | goharbor_harbor | >= 2.0.0 < 2.4.3 | 2.4.3
github.com | goharbor_harbor | >= 2.0.0+incompatible < 2.4.3+incompatible | 2.4.3+incompatible
github.com | goharbor_harbor | >= 2.5.0 < 2.5.2 | 2.5.2
github.com | goharbor_harbor | >= 2.5.0+incompatible < 2.5.2+incompatible | 2.5.2+incompatible
github.com | goharbor_harbor_src | >= 0 < 0.0.0-20220630175814-b4ef1db | 0.0.0-20220630175814-b4ef1db
linuxfoundation | harbor | |
linuxfoundation | harbor | >= 2.0.0 < 2.4.3 | 2.4.3
linuxfoundation | harbor | >= 2.5.0 < 2.5.2 | 2.5.2