CVE-2022-31667

NVD Published Date: November 14, 2024 at 12:15 PM
NVD Last Modified: November 14, 2024 at 12:15 PM
Download Patch
Vulnerability ID
CVE-2022-31667
Severity
None
Severity Score
None
Summary
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.  By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.
References
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
None
CWE ID
None

Recent Publish

CVE-2022-31670

KB5046859

KB5046860

CVE-2024-4741

CVE-2024-47574

KB5046861

See More ...

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud Agent Tenable Nessus Rapid7 InsightVM
Company
About Us Contact Career
Resources
Blog Sample Reports CVE Windows KB Case Studies eBooks Policy Templates Webinar
Try It
Patch Astra EPSS Calculator Contact Free Scan Schedule Demo Log In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :