Harbor Enables Privilege Escalation From Zero to admin CVE-2019-16097 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Harbor Enables Privilege Escalation From Zero to admin CVE-2019-16097 Scanner Detail

Harbor allows privilege escalation from zero to admin vulnerability.

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.

Some Advice for Common Problems

You have to update to latest version.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service