CVE-2024-40464
CVE Details
Visit the official vulnerability details page for CVE-2024-40464 to learn more.
Initial Publication
01/27/2025
Last Update
04/08/2025
Third Party Dependency
github.com/beego/beego/v2
NIST CVE Summary
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file
CVE Severity
Our Official Summary
This high-severity vulnerability only affects clusters that have the Harbor container registry installed. Remote attackers can escalate privileges via arbitrary memory writes in the sendMail function, triggered through specially crafted certificates.
Conditions for Exploitation: Attacker must have access to cluster resources.
Exploitation Complexity: Considered high, due to: the requirement for authenticated cluster access; the attack occurring within containerized components; and the presence of runtime controls that mitigate code execution risks.
Impact: Container isolation and built-in security controls significantly reduce the risk of full system compromise. The attack surface is constrained by the container runtime.
Resolution: An upstream fix has been released and will be included in the next version of our product.
Status
Open
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.6.18 | ⚠️ Impacted | ✅ No Impact | ✅ No Impact | ✅ No Impact |
4.5.22 | ⚠️ Impacted | ✅ No Impact | ✅ No Impact | ✅ No Impact |
Revision History
No revisions available.