CVE-2022-31669
published 2024-11-14

Priority: P3 43
Severity: high, 7.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
EPSS: 0.40% (31.4th percentile)

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | goharbor_harbor | >= 1.0.0 < 1.10.13 | 1.10.13 |
| github.com | goharbor_harbor | >= 2.0.0 < 2.4.3 | 2.4.3 |
| github.com | goharbor_harbor | >= 2.5.0 < 2.5.2 | 2.5.2 |
| linuxfoundation | harbor | | |
| linuxfoundation | harbor | >= 2.0.0 < 2.4.3 | 2.4.3 |
| linuxfoundation | harbor | >= 2.5.0 < 2.5.2 | 2.5.2 |