Lucene search

Veracode Vulnerability DatabaseVERACODE:21439

HistorySep 06, 2019 - 6:10 a.m.

Unauthorised Admin User Account Creation

2019-09-0606:10:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.965 High

EPSS

Percentile

99.6%

JSON

https://github.com/goharbor/harbor is vulnerable to unauthorized admin user account creation. During a registration of a non-admin user, a request from non-admin user to create admin user account is not validated, allowing a low-privileged user to create an admin user account.

CPENameOperatorVersion
github.com/goharbor/harboreqHEAD
github.com/goharbor/harborle1.8.2
github.com/goharbor/harborle1.7.5

Name	Operator	Version
github.com/goharbor/harbor	eq	HEAD
github.com/goharbor/harbor	le	1.8.2
github.com/goharbor/harbor	le	1.7.5

References

www.vmware.com/security/advisories/VMSA-2019-0015.html

github.com/goharbor/harbor/commit/7d151946e0e2d2b23ddb8f6ca2d16a9413acf7d9

github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517

github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1

github.com/goharbor/harbor/issues/8951

github.com/goharbor/harbor/pull/8917

github.com/goharbor/harbor/releases/tag/v1.7.6

github.com/goharbor/harbor/releases/tag/v1.8.3

unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/

0.965 High

EPSS

Percentile

99.6%

JSON

Related for VERACODE:21439