4.3 CVE-2024-22278

Privilege Escalation
 

Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
https://nvd.nist.gov/vuln/detail/CVE-2024-22278

Categories

CWE-NVD-Other

CWE-269 : Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software. Follow the principle of least privilege when assigning access rights to entities in a software system. Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource. Terminal privileges are not reset when a user logs out. Does not properly pass security context to child processes in certain cases, allows privilege escalation. Does not properly compute roles. untrusted user placed in unix "wheel" group Product allows users to grant themselves certain rights that can be used to escalate privileges. Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue. Product mistakenly assigns a particular status to an entity, leading to increased privileges. FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients. OS incorrectly installs a program with setuid privileges, allowing users to gain privileges. Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209). Installation script installs some programs as setuid when they shouldn't be. Roles have access to dangerous procedures (Accessible entities). Untrusted object/method gets access to clipboard (Accessible entities). Traceroute program allows unprivileged users to modify source address of packet (Accessible entities). User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:* < 2.9.5
cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:* >= 2.10.0 < 2.10.3


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
122 Privilege Abuse
Medium
233 Privilege Escalation
58 Restful Privilege Elevation
High


MITRE


Techniques

id description
T1548 Abuse Elevation Control Mechanism
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id description
T1548 Limit the privileges of cloud accounts to assume, create, or impersonate additional roles, policies, and permissions to only those required. Where just-in-time access is enabled, consider requiring manual approval for temporary elevation of privileges.
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation.