← Back

CVE-2019-16097

nvd nistnuclei
Published: Sep 8, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.

Affected (16)

Linuxfoundation
1 product
Harbor
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Linuxfoundation
Harbor
Version 1.7.0
Harbor
Version 1.7.0 rc1
Harbor
Version 1.7.0 rc2
Harbor
Version 1.7.1
Harbor
Version 1.7.2
Harbor
Version 1.7.3
Harbor
Version 1.7.4
Harbor
Version 1.7.5
Harbor
Version 1.8.0
Harbor
Version 1.8.0 rc1
Harbor
Version 1.8.0 rc2
Harbor
Version 1.8.1
Harbor
Version 1.8.2
Harbor
Version 1.8.2 rc1
Harbor
Version 1.8.2 rc2
Harbor
Version 1.9.0 rc1

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (12)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.