Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable endpoint requires valid credentials (PR:L); only unauthorized space listing is exposed yielding low confidentiality impact with no integrity, availability, or scope-change effects.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Authorization bypass in Harness gitspaces endpoint (versions up to 2.28.2) permits any authenticated remote user to enumerate workspace listings beyond their authorized scope via a flaw in the getAuthorizedSpaces function of app/api/controller/gitspace/list_all.go. The confidentiality impact is limited to space listing disclosure - no integrity or availability impact is present - but publicly available exploit code (CVSS 4.0 E:P) lowers the exploitation barrier significantly. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid authenticated account on the Harness platform with at minimum low-level privileges (PR:L confirmed by CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 2.1 reflects a genuinely narrow impact: low confidentiality exposure only (VC:L), no integrity or availability effects, scoped entirely to the vulnerable system with no lateral blast radius (SC:N/SI:N/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated low-privilege Harness user - such as a project member or co-tenant in a shared deployment - sends a crafted HTTP request to the gitspaces list-all endpoint, triggering the flawed `getAuthorizedSpaces` function, which returns a listing of workspace entries beyond the caller's authorized scope. Publicly available exploit code has been disclosed, meaning a threat actor needs only valid credentials to reproduce the attack without advanced technical skill. … |
| Remediation | No vendor-released patch has been identified at time of analysis - the Harness project was notified via responsible disclosure but has not responded, per the CVE description. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42281
GHSA-2gx4-76v6-f2pq