Lucene search
VmwareCVE-2024-22278HistoryAug 02, 2024 - 1:15 a.m.
CVE-2024-22278
2024-08-0201:15:23
CWE-269
vmware
web.nvd.nist.gov
20
harbor
permission validation
configurations
authenticated users
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
AI Score
5.4
Confidence
High
EPSS
0
Percentile
14.5%
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
Affected configurations
Node
linuxfoundationharborRange<2.9.5
ORlinuxfoundationharborRange2.10.0–2.10.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linuxfoundation | harbor | * | cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "harbor",
"vendor": "harbor",
"versions": [
{
"lessThan": "<v2.9.5",
"status": "affected",
"version": "2.9.4",
"versionType": "custom"
},
{
"lessThan": "<v2.10.3",
"status": "affected",
"version": "2.10.2",
"versionType": "custom"
}
]
}
]Related
github
github
osv
osv
Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor
2024-08-06 22:03:16
BIT-harbor-2024-22278
2024-08-10 07:20:13
veracode
veracode
Improper Permission Validation
2024-08-01 05:55:49
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-22278
2024-08-02 01:15:23
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
AI Score
5.4
Confidence
High
EPSS
0
Percentile
14.5%
Related for CVE-2024-22278