
CVE-2024-40464

CVE Details

Visit the official vulnerability details page for CVE-2024-40464 to learn more.

Initial Publication

01/27/2025

Last Update

04/08/2025

Third Party Dependency

github.com/beego/beego/v2

NIST CVE Summary

An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file

CVE Severity

8.8

Our Official Summary

This high-severity vulnerability only affects clusters that have the Harbor container registry installed. Remote attackers can escalate privileges through arbitrary memory writes in the sendMail function, triggered by specially crafted certificates.

Conditions for Exploitation: Attacker must have access to cluster resources.

Exploitation Complexity: Considered high, due to the requirement for authenticated cluster access, the attack occurring within containerized components, and the presence of runtime controls that mitigate code execution risks.

Impact: Container isolation and built-in security controls significantly reduce the risk of full system compromise. The attack surface is constrained by the container runtime.

Resolution: An upstream fix has been released and will be included in the next version of our product.

Status

Open

Affected Products & Versions

Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap
4.6.18 | ⚠️ Impacted | ✅ No Impact | ✅ No Impact | ✅ No Impact
4.5.22 | ⚠️ Impacted | ✅ No Impact | ✅ No Impact | ✅ No Impact

Revision History

No revisions available.