VYPR
High severityNVD Advisory· Published Nov 14, 2024· Updated Nov 14, 2024

Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies

CVE-2022-31666

Description

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/goharbor/harborGo
>= 1.0.0, < 1.10.131.10.13
github.com/goharbor/harborGo
>= 2.0.0, < 2.4.32.4.3
github.com/goharbor/harborGo
>= 2.5.0, < 2.5.22.5.2

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.