High severityNVD Advisory· Published Nov 14, 2024· Updated Nov 14, 2024
Harbor fails to validate the user permissions when updating tag retention policies
CVE-2022-31670
Description
Harbor fails to validate the user permissions when updating tag retention policies.
By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/goharbor/harborGo | >= 1.0.0, < 1.10.13 | 1.10.13 |
github.com/goharbor/harborGo | >= 2.0.0, < 2.4.3 | 2.4.3 |
github.com/goharbor/harborGo | >= 2.5.0, < 2.5.2 | 2.5.2 |
Affected products
3- osv-coords2 versions
>= 1.0.0, < 1.10.13+ 1 more
- (no CPE)range: >= 1.0.0, < 1.10.13
- (no CPE)range: >= 1.0.0, < 1.10.13
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.