GHSA-9wvh-ff5f-xjpj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9wvh-ff5f-xjpj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-9wvh-ff5f-xjpj/GHSA-9wvh-ff5f-xjpj.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-9wvh-ff5f-xjpj
- Aliases
- Published
- 2022-02-15T01:57:18Z
- Modified
- 2024-08-21T15:57:13.370471Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Missing Authorization in Harbor
- Details
-
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API. This is fixed in 1.9.0-rc1.
- Database specific
{ "severity": "MODERATE", "nvd_published_at": null, "github_reviewed_at": "2021-05-17T16:40:42Z", "github_reviewed": true, "cwe_ids": [ "CWE-862" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-16097
- https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517
- https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1
- https://github.com/goharbor/harbor/releases/tag/v1.7.6
- https://github.com/goharbor/harbor/releases/tag/v1.8.3
- https://github.com/ianxtianxt/CVE-2019-16097
- https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097
- http://www.vmware.com/security/advisories/VMSA-2019-0015.html
Affected packages
Go / github.com/goharbor/harbor
Package
- Name
- github.com/goharbor/harbor
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/goharbor/harbor