github.com/goharbor/harbor is vulnerable to privilege escalation. The API call to update user profile is not validated, allowing an attacker to modify the email address of another user and subsequently perform a successful password reset to gain access to that user’s account.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/goharbor/harbor | le | 1.9.1 | |
github.com/goharbor/harbor | le | 1.8.5 |