Security Advisory

CVE-2022-31667

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-14 11:50:48

Last updated 2024-11-14 14:11:06

Assigner vmware

State PUBLISHED

Description

Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.

← Browse all CVEs View on cve.org ↗