Harbor@1.9.0 Security Vulnerabilities and Issues — Harbor@1.9.0 CVE List

Lucene search

LinuxfoundationHarbor1.9.0

3 matches found

CVE•added 2019/10/18 12:15 p.m.•154 views

CVE-2019-16919

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper p...

7.5CVSS7.4AI score0.0044EPSS

CVE•added 2019/09/08 4:15 p.m.•152 views

CVE-2019-16097

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: conf...

6.5CVSS6.3AI score0.93453EPSS

CVE•added 2019/12/03 5:15 p.m.•55 views

CVE-2019-3990

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality.

4.3CVSS4.5AI score0.00191EPSS