3. Remote escalation of privilege vulnerability in Harbor (CVE-2019-16097)
A vulnerability in the POST /api/users API of Harbor may allow for a remote escalation of privilege. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16097
github.com/goharbor/harbor/wiki/Harbor-FAQs#cve-2019-16097
my.vmware.com/web/vmware/details?downloadGroup=VCF390&productId=945&rPId=39121
network.pivotal.io/products/harbor-container-registry/#/releases/470129
network.pivotal.io/products/harbor-container-registry/#/releases/470132
pivotal.io/security/cve-2019-16097
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H