CVE-2022-31666 is a security vulnerability present in Harbor, a popular open-source container registry platform. This vulnerability allows unauthorized users to access, modify, and delete webhook policies of other users. In this post, we will dive into the code snippet that reveals the error, outline how an attacker could exploit this vulnerability, and provide links to original references, including the patch that helps fix the issue.

Code Snippet

// Go code from an older version of Harbor
// (uses net/http, strconv and github.com/gin-gonic/gin)
func (a *APIController) DeletePolicy(ctx *gin.Context) {
  // The project ID is resolved from the request but never compared with the policy's project.
  _, err := a.getProjectID(ctx)
  if err != nil {
    return
  }
  policyID, err := strconv.ParseInt(ctx.Param("id"), 10, 64)
  if err != nil {
    ctx.AbortWithError(http.StatusBadRequest, err)
    return
  }

  _, err = a.policyCtl.Get(policyID) // The problematic line. Missing permission check here.
  if err != nil {
    a.sendError(ctx, err)
    return
  }

  err = a.policyCtl.Delete(ctx, policyID)
  if err != nil {
    a.sendError(ctx, err)
    return
  }

  ctx.Status(http.StatusNoContent)
}

This code snippet is taken from an older version of the Harbor project. The issue lies within the DeletePolicy function, which is responsible for deleting webhook policies. The problem stems from the fact that there is no validation of user permissions before performing the deletion.

Exploit Details

To exploit this vulnerability, an attacker would first need to obtain the ID of a webhook policy that they want to modify or delete. Once they have this ID, they would send a DELETE request to the Harbor endpoint. Harbor would process the request without any further permission checks.

As a result, the attacker could change or delete the webhook policies of another user's project. This is unauthorized access, and it could alter the Docker image build process or misdirect the notifications sent by the webhook.
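The missing check and one way to add it, as an added example that is not Harbor's code or its actual patch: the corrected function first authorizes the caller on the project named in the request, then confirms the policy belongs to that project. The `Store` type, its methods, the error values and the sample users and IDs are all hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model for illustration; not Harbor's types or API.
type Policy struct{ ID, ProjectID int64 }

type Store struct {
	policies map[int64]Policy
	grants   map[string]map[int64]bool // user -> project -> may manage webhook policies
}

var ErrNotFound, ErrForbidden = errors.New("policy not found"), errors.New("forbidden")

// Constructed sample data: policy 10 is in project 1, policy 20 in project 2.
func newStore() *Store {
	return &Store{
		policies: map[int64]Policy{10: {10, 1}, 20: {20, 2}},
		grants:   map[string]map[int64]bool{"alice": {1: true}, "mallory": {2: true}},
	}
}

// DeleteUnchecked mirrors the flaw: lookup by ID alone; user and projectID are ignored.
func (s *Store) DeleteUnchecked(user string, projectID, policyID int64) error {
	if _, ok := s.policies[policyID]; !ok {
		return ErrNotFound
	}
	delete(s.policies, policyID)
	return nil
}

// DeleteChecked authorizes the caller on the path's project, then binds the policy to it.
func (s *Store) DeleteChecked(user string, projectID, policyID int64) error {
	if !s.grants[user][projectID] {
		return ErrForbidden
	}
	if p, ok := s.policies[policyID]; !ok || p.ProjectID != projectID {
		return ErrNotFound // same answer for an unknown ID and an ID in another project
	}
	delete(s.policies, policyID)
	return nil
}

func main() {
	fmt.Println("unchecked:", newStore().DeleteUnchecked("mallory", 2, 10))
	fmt.Println("checked:  ", newStore().DeleteChecked("mallory", 2, 10))
}
```

Returning the same "not found" error for an unknown ID and for an ID in another project keeps the checked path from confirming which policy IDs exist elsewhere.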

Original References

1. The initial report of this vulnerability can be accessed at the Harbor GitHub issue.
2. The complete fix for this vulnerability can be found in the GitHub pull request that addresses the issue.

Mitigation and Conclusion

After learning about this vulnerability, the Harbor project addressed the issue comprehensively. Users are advised to upgrade their Harbor installation to the patched version, which can be found on the Harbor GitHub repository. Upgrading to the latest version ensures that your Harbor instance is secure, and users can continue to utilize Harbor's features with confidence.

This vulnerability highlights the importance of developers paying attention to permission checks when building web applications, as simple oversights can lead to severe consequences. In the case of Harbor, developers quickly identified and fixed the issue, ensuring that the project remains reliable and secure. As a user, it is essential to keep your systems and applications updated to minimize the risk of exploitation.

Timeline

Published on: 11/14/2024 11:32:32 UTC