Improper Authorization
CVE-2022-31670
Summary
Harbor versions 1.0 through 1.10.12, 2.0 through 2.4.2 and 2.5 through 2.5.1 fails to validate the user permissions when updating tag retention policies.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- LOW
- NONE
- NONE
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published