CVE-2022-31670
published 2024-11-14

Priority: P3 44
Severity: high, 7.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
EPSS: 0.53% (40.8th percentile)

Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| github.com | goharbor_harbor | >= 1.0.0 < 1.10.13 | 1.10.13 |
| github.com | goharbor_harbor | >= 2.0.0 < 2.4.3 | 2.4.3 |
| github.com | goharbor_harbor | >= 2.5.0 < 2.5.2 | 2.5.2 |
| linuxfoundation | harbor | | |
| linuxfoundation | harbor | >= 1.0.0 < 1.10.13 | 1.10.13 |
| linuxfoundation | harbor | >= 2.0.0 < 2.4.3 | 2.4.3 |
| linuxfoundation | harbor | >= 2.5.0 < 2.5.2 | 2.5.2 |