CVE-2022-31667

NVD Published Date: November 14, 2024 at 12:15 PM
NVD Last Modified: November 19, 2024 at 03:25 PM
Vulnerability ID: CVE-2022-31667
Severity: MEDIUM
Severity Score: 6.4
Summary: Harbor fails to validate the user's permissions when updating a robot account that belongs to a project the authenticated user doesn't have access to. By sending a request that attempts to update a robot account, and specifying a robot account ID and robot account name that belong to a different project the user doesn't have access to, it was possible to revoke the robot account's permissions.
Mitigation and Patches: -
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
CWE ID: CWE-863
