CVE-2019-16919

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-16919

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16919.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-16919

Related

GHSA-x2r2-w9c7-h624

Published

2019-10-18T12:15:10.190Z

Modified

2025-11-14T09:22:40.865586Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.

References

Affected packages

Git / github.com/goharbor/harbor

Affected ranges

Type: GIT
Repo: https://github.com/goharbor/harbor
Events: Introduced

9b073a1941df311f30911b59751280e68158550d

Fixed

fb692b7b826546ce9570214614aafc3726b8dbc6

Affected versions

v1.*

v1.8.0

v1.8.1

v1.8.2

v1.8.2-rc1

v1.8.2-rc2

v1.8.3

v1.8.3-rc1