Unauthorized Access to Webhook Policies in Harbor
CVE-2022-31666

7.7HIGH

Key Information:

Vendor: Harbor
Status: Harbor
Vendor: CVE Published:; 14 November 2024

What is CVE-2022-31666?

Harbor, a popular open-source cloud-native registry, has a vulnerability that allows unauthorized users to manipulate Webhook policies. This issue stems from the application's failure to properly validate user permissions during the deletion of Webhook policies. As a result, malicious actors can gain access to, modify, or delete Webhook configurations established by other users across different projects. This could lead to unauthorized notifications or actions being triggered, compromising the integrity of the application and potentially harmful consequences to related services.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Harbor Harbor 2.x<=2.4.2; 2.5<=2.5.1

References

https://github.com/goharbor/harbor/security/advisories/GH...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2024
Vulnerability Reserved
May 25, 2022

JSON

Harbor