CVE-2022-31668

HIGH Year: 2022
CVSS v3 Score
7.7
High
Weakness Type
CWE-285
View all →

Vulnerability Description

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.

Related Vulnerabilities

CVE-2020-16096

HIGH
CVSS:7.7(High)

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has ac...

CWE-2852020

CVE-2022-31669

HIGH
CVSS:7.7(High)

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently ...

CWE-2852022

CVE-2022-31670

HIGH
CVSS:7.7(High)

Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authen...

CWE-2852022

CVE-2024-47053

HIGH
CVSS:7.7(High)

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. * Improper Authorizatio...

CWE-2852024

CVE-2014-9945

HIGH
CVSS:7.8(High)

In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

CWE-2852014

CVE-2014-9950

HIGH
CVSS:7.8(High)

In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

CWE-2852014