ByteOS Network

NVD Vulnerability Details :

CVE-2024-22278

Modified

Source-security@vmware.com

Published At-02 Aug, 2024 | 01:15

Updated At-14 Aug, 2024 | 22:15

Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Secondary	3.1	6.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

>>harbor>>Versions before 2.9.5(exclusive)

>>harbor>>Versions from 2.10.0(inclusive) to 2.10.3(exclusive)

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-269	Secondary	security@vmware.com

Hyperlink	Source	Resource
https://github.com/goharbor/harbor/security/advisories/GHSA-hw28-333w-qxp3	security@vmware.com	Third Party Advisory