Количество 2
Количество 2
CVE-2022-31667
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.
GHSA-xx9w-464f-7h6f
Harbor fails to validate the user permissions when updating a robot account
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-31667 Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. | CVSS3: 6.4 | 0% Низкий | 7 месяцев назад |
| GHSA-xx9w-464f-7h6f Harbor fails to validate the user permissions when updating a robot account | CVSS3: 6.4 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу