Unauthorized Access to Webhook Policies in Harbor

CVE-2022-31666

7.7HIGH

Key Information

Vendor: Harbor
Status: Harbor
Vendor: CVE Published:; 14 November 2024

Summary

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.

Affected Version(s)

Harbor = Harbor 2.x<=2.4.2; 2.5<=2.5.1

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Nov 14, 2024
Vulnerability Reserved.
May 25, 2022

Collectors

NVD DatabaseMitre Database