VDB

CVE-2022-31668

CVE-2022-31668 PUBLISHED

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.

EPSS 0.05% · 17.5th percentile

Risk Scores

EPSS Score
0.05%
17.5th percentile

Affected Products

VendorProductVersions
Bitnamiharbor2.0.0, 2.5.0
Bitnamiharbor2.0.0, 2.5.0

Timeline

  • Nov 14, 2024 CVE Published
  • Nov 14, 2024 PoC Published
  • Nov 15, 2024 EPSS Score
  • Nov 19, 2024 CVE Updated
  • Dec 4, 2024 EPSS Score
  • Dec 21, 2024 EPSS Score
  • Jan 8, 2025 EPSS Score
  • Jan 25, 2025 EPSS Score
  • Feb 12, 2025 EPSS Score
  • Mar 2, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Apr 6, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›