CVE-2019-16097 Scanner

Harbor is an open-source container image registry that is used to store, manage and distribute Docker images. It is designed to provide an enterprise-class registry server, allowing organizations to securely store and manage their images. Harbor has become a popular choice for developers due to its support for role-based access control, image replication, and vulnerability scanning capabilities.

Recently, a vulnerability was detected in Harbor software, known as CVE-2019-16097. This flaw allowed non-admin users to create admin accounts through the POST /api/users API, when Harbor was set up with DB as authentication backend. The vulnerability was present in Harbor 1.7.0 through 1.8.2, which made it possible for attackers to exploit it to gain unauthorized access to the system.

The exploitation of CVE-2019-16097 could have dire consequences for organizations. It could allow attackers to gain admin-level access to the Harbor server, which could lead to a complete compromise of the organization's container image registry. Attackers could use this access to alter images, inject malicious code or perform other harmful actions that could lead to data breaches or system failures.

Thanks to the Pro features of the securityforeveryone.com platform, you can easily and quickly learn about vulnerabilities in your digital assets. With regular scanning and monitoring, you can stay ahead of potential threats and keep your systems secure. Don't wait for the next security flaw to emerge, take proactive measures to protect your systems today.

REFERENCES

• http://www.vmware.com/security/advisories/VMSA-2019-0015.html
• https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517
• https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1
• https://github.com/goharbor/harbor/releases/tag/v1.7.6
• https://github.com/goharbor/harbor/releases/tag/v1.8.3
• https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/