https://github.com/goharbor/harbor
is vulnerable to unauthorized admin user account creation. During a registration of a non-admin user, a request from non-admin user to create admin user account is not validated, allowing a low-privileged user to create an admin user account.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/goharbor/harbor | eq | HEAD | |
github.com/goharbor/harbor | le | 1.8.2 | |
github.com/goharbor/harbor | le | 1.7.5 |
www.vmware.com/security/advisories/VMSA-2019-0015.html
github.com/goharbor/harbor/commit/7d151946e0e2d2b23ddb8f6ca2d16a9413acf7d9
github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517
github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1
github.com/goharbor/harbor/issues/8951
github.com/goharbor/harbor/pull/8917
github.com/goharbor/harbor/releases/tag/v1.7.6
github.com/goharbor/harbor/releases/tag/v1.8.3
unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/