cbcvebase.
CVE-2024-22278
published 2024-08-02

CVE-2024-22278: Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.

PriorityP420medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
0.37%
28.6th percentile
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.

Affected

8 ranges
VendorProductVersion rangeFixed in
github.comgoharbor_harbor>= 0 < 2.9.52.9.5
github.comgoharbor_harbor>= 0 < 2.9.5+incompatible2.9.5+incompatible
github.comgoharbor_harbor>= 2.10.0 < 2.10.32.10.3
github.comgoharbor_harbor>= 2.10.0+incompatible < 2.10.3+incompatible2.10.3+incompatible
harborharbor>= 2.10.2 < <v2.10.3<v2.10.3
harborharbor>= 2.9.4 < <v2.9.5<v2.9.5
linuxfoundationharbor< 2.9.52.9.5
linuxfoundationharbor>= 2.10.0 < 2.10.32.10.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.