Lucene search

GoogleOSV:CVE-2019-19030

HistoryDec 26, 2022 - 10:15 p.m.

CVE-2019-19030

2022-12-2622:15:10

Google

osv.dev

cloud native computing foundation

harbor

resource enumeration

unauthenticated api calls

http status code

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.

CPENameOperatorVersion
harboreq2.0.1-rc1
harboreq2.0.0

CPE	Name	Operator	Version
	harbor	eq	2.0.1-rc1
	harbor	eq	2.0.0

References

github.com/goharbor/harbor/security/advisories/GHSA-q9x4-q76f-5h5j

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for OSV:CVE-2019-19030