High severityNVD Advisory· Published Nov 14, 2024· Updated Nov 14, 2024
User permission validation failure and disclosure of P2P preheat execution logs
CVE-2022-31668
Description
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/goharbor/harborGo | >= 2.0.0, < 2.4.3 | 2.4.3 |
github.com/goharbor/harborGo | >= 2.5.0, < 2.5.2 | 2.5.2 |
github.com/goharbor/harbor/srcGo | < 0.0.0-20220630175814-b4ef1db | 0.0.0-20220630175814-b4ef1db |
Affected products
5- osv-coords4 versionspkg:bitnami/harborpkg:golang/github.com/goharbor/harborpkg:golang/github.com/goharbor/harbor/srcpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
>= 2.0.0, < 2.4.3+ 3 more
- (no CPE)range: >= 2.0.0, < 2.4.3
- (no CPE)range: >= 2.0.0, < 2.4.3
- (no CPE)range: < 0.0.0-20220630175814-b4ef1db
- (no CPE)range: < 0.0.20241213T205935-1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.