4.3 CVE-2024-22278
Privilege Escalation
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
https://nvd.nist.gov/vuln/detail/CVE-2024-22278
Categories
CWE-NVD-Other
CWE-269 : Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software. Follow the principle of least privilege when assigning access rights to entities in a software system. Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource. Terminal privileges are not reset when a user logs out. Does not properly pass security context to child processes in certain cases, allows privilege escalation. Does not properly compute roles. untrusted user placed in unix "wheel" group Product allows users to grant themselves certain rights that can be used to escalate privileges. Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue. Product mistakenly assigns a particular status to an entity, leading to increased privileges. FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients. OS incorrectly installs a program with setuid privileges, allowing users to gain privileges. Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209). Installation script installs some programs as setuid when they shouldn't be. Roles have access to dangerous procedures (Accessible entities). Untrusted object/method gets access to clipboard (Accessible entities). Traceroute program allows unprivileged users to modify source address of packet (Accessible entities). User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).
References
security@vmware.com
https://github.com/goharbor/harbor/security/advisories/GHSA-hw28-333w-qxp3 Third Party Advisory |
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:* | < 2.9.5 | |
cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:* | >= 2.10.0 | < 2.10.3 |
REMEDIATION
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
POC Github
Url |
---|
No known exploits |
Other Nist (github, ...)
Url |
---|
No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
122 | Privilege Abuse |
Medium |
233 | Privilege Escalation |
|
58 | Restful Privilege Elevation |
High |
MITRE
Techniques
id | description |
---|---|
T1548 | Abuse Elevation Control Mechanism |
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
Mitigations
id | description |
---|---|
T1548 | Limit the privileges of cloud accounts to assume, create, or impersonate additional roles, policies, and permissions to only those required. Where just-in-time access is enabled, consider requiring manual approval for temporary elevation of privileges. |
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation. |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.