x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31668

Advisory CVE-2022-31668 references a vulnerability in the following Go modules:

Module
github.com/goharbor/harbor

Description: Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.

References:

Cross references:

github.com/goharbor/harbor appears in 20 other report(s):
- data/excluded/GO-2022-1009.yaml (https://github.com/golang/vulndb/issues/1009) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1010.yaml (https://github.com/golang/vulndb/issues/1010) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1011.yaml (https://github.com/golang/vulndb/issues/1011) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1012.yaml (https://github.com/golang/vulndb/issues/1012) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1013.yaml (https://github.com/golang/vulndb/issues/1013) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2245.yaml (https://github.com/golang/vulndb/issues/2245) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2256.yaml (https://github.com/golang/vulndb/issues/2256) LEGACY_FALSE_POSITIVE
- data/reports/GO-2022-0704.yaml (https://github.com/golang/vulndb/issues/704)
- data/reports/GO-2022-0781.yaml (https://github.com/golang/vulndb/issues/781)
- data/reports/GO-2022-0785.yaml (https://github.com/golang/vulndb/issues/785)
- data/reports/GO-2022-0818.yaml (https://github.com/golang/vulndb/issues/818)
- data/reports/GO-2022-0853.yaml (https://github.com/golang/vulndb/issues/853)
- data/reports/GO-2022-0863.yaml (https://github.com/golang/vulndb/issues/863)
- data/reports/GO-2022-0865.yaml (https://github.com/golang/vulndb/issues/865)
- data/reports/GO-2022-0876.yaml (https://github.com/golang/vulndb/issues/876)
- data/reports/GO-2022-0883.yaml (https://github.com/golang/vulndb/issues/883)
- data/reports/GO-2023-2109.yaml (https://github.com/golang/vulndb/issues/2109)
- data/reports/GO-2024-2915.yaml (https://github.com/golang/vulndb/issues/2915)
- data/reports/GO-2024-2916.yaml (https://github.com/golang/vulndb/issues/2916)
- data/reports/GO-2024-3013.yaml (https://github.com/golang/vulndb/issues/3013)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/goharbor/harbor
      vulnerable_at: 2.12.0+incompatible
summary: CVE-2022-31668 in github.com/goharbor/harbor
cves:
    - CVE-2022-31668
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31668
    - web: https://github.com/goharbor/harbor/security/advisories/GHSA-3wpx-625q-22j7
source:
    id: CVE-2022-31668
    created: 2024-11-14T13:01:22.477854287Z
review_status: UNREVIEWED

golang / vulndb

x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31668 #3268