CVE-2022-31668
PUBLISHED
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.
Risk Scores
EPSS Score: 0.05% (17.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | harbor | 2.0.0, 2.5.0 |
Exploit Intelligence
- CIRCL seen: CVE-2022-31668 (circl-sighting)
- https://github.com/goharbor/harbor/security/advisories/GHSA-3wpx-625q-22j7 (circl)
Timeline
- Nov 14, 2024 CVE Published
- Nov 14, 2024 PoC Published
- Nov 15, 2024 EPSS Score
- Nov 19, 2024 CVE Updated
- Dec 4, 2024 EPSS Score
- Dec 21, 2024 EPSS Score
- Jan 8, 2025 EPSS Score
- Jan 25, 2025 EPSS Score
- Feb 12, 2025 EPSS Score
- Mar 2, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Apr 6, 2025 EPSS Score