CVE-2022-31670

NVD Published Date: November 14, 2024 at 12:15 PM
NVD Last Modified: November 19, 2024 at 03:20 PM
Download Patch
Vulnerability ID
CVE-2022-31670
Severity
HIGH
Severity Score
7.7
Summary
Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
CWE ID
CWE-863

Recent Publish

KB5046859

KB5046860

CVE-2024-4741

CVE-2024-47574

KB5046861

KB5046862

See More ...

See SecOps Solution
in action

Schedule Demo