BIT-harbor-2022-31669

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/harbor/BIT-harbor-2022-31669.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-harbor-2022-31669

Aliases

Published

2024-11-20T07:10:52.890Z

Modified

2024-11-20T07:56:55.895506Z

Summary

[none]

Details

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to aproject that the currently authenticated user doesn’t have access to, the attacker couldmodify tag immutability policies configured in other projects.

References

https://github.com/goharbor/harbor/security/advisories/GHSA-8c6p-v837-77f6

Affected packages

Bitnami / harbor

Package

Name: harbor
Purl: pkg:bitnami/harbor

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.0.0

Fixed

2.4.3

Introduced

2.5.0

Fixed

2.5.2