CVE-2022-31666
Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies
7.7
HIGH
CVSS 3.1
EPSS 0.13%
Description
Harbor fails to validate user permissions while viewing, updating and deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies belonging to other users. An authenticated attacker could read or modify Webhook policies configured in projects they do not control.
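The flaw described above is a missing object-level authorization check: the request is authorized against the project named in the request, but the Webhook policy itself is then loaded by its id without confirming that it belongs to that project. The following is an added illustration of that flaw class written for this page; it is not Harbor's code, and the names (WebhookPolicy, User, get_policy_vulnerable, get_policy_fixed) and the sample data are hypothetical. The same check applies to update and delete handlers.

```python
"""Missing object-level authorization on a webhook-policy lookup.

Added illustration for this advisory page, not Harbor's code. All names and
the sample data below are hypothetical. The vulnerable handler checks the
caller's role on the project named in the request, then loads the policy by
id alone, so any policy id from any project is reachable. The fixed handler
additionally requires the loaded policy to belong to that project.
"""
from dataclasses import dataclass
from typing import Dict, Set


@dataclass(frozen=True)
class WebhookPolicy:
    id: int
    project_id: int
    name: str
    endpoint: str


@dataclass
class User:
    name: str
    # project_id -> role held in that project; only "admin" may manage webhooks here.
    roles: Dict[int, str]


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


# Constructed sample data: two projects, one policy each.
POLICIES: Dict[int, WebhookPolicy] = {
    1: WebhookPolicy(1, project_id=1, name="notify-ci", endpoint="https://ci.example.internal/hook"),
    2: WebhookPolicy(2, project_id=2, name="audit", endpoint="https://audit.example.internal/hook"),
}

MANAGE_WEBHOOK_ROLES: Set[str] = {"admin"}


def _require_project_role(user: User, project_id: int) -> None:
    """Coarse check: does the caller hold a webhook-managing role in this project?"""
    if user.roles.get(project_id) not in MANAGE_WEBHOOK_ROLES:
        raise Forbidden(f"{user.name} may not manage webhooks in project {project_id}")


def get_policy_vulnerable(user: User, project_id: int, policy_id: int) -> WebhookPolicy:
    """Authorizes on the request's project, then trusts policy_id unconditionally."""
    _require_project_role(user, project_id)
    policy = POLICIES.get(policy_id)
    if policy is None:
        raise NotFound(policy_id)
    return policy  # may belong to a project the caller has no role in


def get_policy_fixed(user: User, project_id: int, policy_id: int) -> WebhookPolicy:
    """Same coarse check, plus: the object must belong to the authorized project."""
    _require_project_role(user, project_id)
    policy = POLICIES.get(policy_id)
    # Answer "not found" both for a missing id and for an id outside this project,
    # so the response does not confirm that ids in other projects exist.
    if policy is None or policy.project_id != project_id:
        raise NotFound(policy_id)
    return policy


def can_read_policy(handler, user: User, project_id: int, policy_id: int) -> bool:
    """True if the handler returns the policy to this caller, False if it refuses."""
    try:
        handler(user, project_id, policy_id)
        return True
    except (Forbidden, NotFound):
        return False


if __name__ == "__main__":
    # An admin of project 2 asks project 2's endpoint for policy 1, which belongs to project 1.
    mallory = User("mallory", roles={2: "admin"})
    print("vulnerable leaks cross-project policy:", can_read_policy(get_policy_vulnerable, mallory, 2, 1))
    print("fixed refuses cross-project policy:   ", not can_read_policy(get_policy_fixed, mallory, 2, 1))
```

The project-role check alone is not sufficient: a caller who is an administrator of any one project passes it and can then name an arbitrary policy id. The binding between the object and the project the caller was authorized on is the missing step.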
How to fix CVE-2022-31666
To remediate CVE-2022-31666, upgrade Harbor to the fixed release for the branch you run:
- 2.5.x: upgrade to 2.5.2 or later
- 2.0.x to 2.4.x: upgrade to 2.4.3 or later
- 1.x: upgrade to 1.10.13 or later
Is CVE-2022-31666 being exploited?
Low. The EPSS score is 0.13%, a low predicted probability of exploitation in the wild over the next 30 days; EPSS is a prediction, not a record of observed attacks, so it does not rule out targeted use against a reachable Harbor instance.
Affected packages (2)
- Harbor 2.x: >= 2.0.0, < 2.4.3 and >= 2.5.0, < 2.5.2
- Harbor 1.x: >= 1.0.0, < 1.10.13
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.7) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |