Lucene search
Veracode Vulnerability DatabaseVERACODE:22093HistoryDec 04, 2019 - 2:30 a.m.
Information Disclosure
2019-12-0402:30:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
19.5%
github.com/goharbor/harbor is vulnerable to information disclosure. The vulnerability exists as it was possible to enumerate users with the /api/users/search endpoint.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/goharbor/harbor | eq | HEAD | |
| github.com/goharbor/harbor | le | v1.9.2 | |
| github.com/goharbor/harbor | le | 1.8.5 |
References
github.com/goharbor/harbor/commit/7910e9f239b82c21657bbb42d47fcff6e67a5cba
github.com/goharbor/harbor/commit/9396cb60c6ccee5542170e010ecd577acadf0dba
github.com/goharbor/harbor/pull/9746
github.com/goharbor/harbor/pull/9817
github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg
www.tenable.com/security/research/tra-2019-50
Related
prion
prion
Design/Logic Flaw
2019-12-03 17:15:00
nessus
nessus
VMware Harbor User Enumeration (CVE-2019-3990)
2021-08-19 00:00:00
VMware Harbor 1.7.x, 1.8.x < 1.8.6 / 1.9.x < 1.9.3
2020-01-14 00:00:00
cvelist
cvelist
CVE-2019-3990
2019-12-03 16:55:15
nvd
nvd
CVE-2019-3990
2019-12-03 17:15:11
cve
cve
CVE-2019-3990
2019-12-03 17:15:11
osv
osv
CVE-2019-3990
2019-12-03 17:15:11