Harbor arbitrary administrator registration vulnerability reproduction

A. Harbor overview

1. Harbor introduction

Harbor is an enterprise-class Registry server for storing and distributing Docker images. It extends the open source Docker Distribution by adding features enterprises need, such as security, identity and management. As an enterprise private Registry server, Harbor offers better performance and security, and it makes transferring images between build and runtime environments through a Registry more efficient. Harbor supports replicating image resources across multiple Registry nodes, and all images are kept in the private Registry, so data and intellectual property stay under control within the company's internal network. Harbor also provides advanced security features such as user management, access control and activity auditing.

2. Vulnerability description and impact

According to analysis by the Elephant Security Incident Response Team, an attacker can take over a Harbor image registry by registering an administrator account; malicious images written to the registry can then infect every client that pulls from it.

3. Affected versions

Product: Harbor 1.7.0-1.8.2


4. Vulnerability reproduction

4.1 FOFA search syntax

title="Harbor" && country=CN

4.2 Find the registration page, fill in the registration form and capture the request. Add "has_admin_role" = true to the final packet.


Login succeeded.
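The root cause is a mass-assignment pattern: the registration handler binds the request body onto a user model that carries the admin flag. The following Go sketch (Harbor's own language) is an added example, not Harbor's code; the `User`, `registration`, `vulnerableRegister` and `hardenedRegister` names are assumptions. It places the vulnerable binding beside a hardened one that decodes only an allow-list of fields and rejects anything else.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// User is the persisted registry user (assumed shape, not Harbor's model);
// HasAdminRole is a privilege flag and must never come from the registrant.
type User struct {
	Username     string `json:"username"`
	Email        string `json:"email"`
	Password     string `json:"password"`
	HasAdminRole bool   `json:"has_admin_role"`
}

// vulnerableRegister decodes straight into the persisted model (mass assignment).
func vulnerableRegister(body []byte) (User, error) {
	var u User
	if err := json.Unmarshal(body, &u); err != nil {
		return User{}, err
	}
	return u, nil
}

// registration is the allow-list of fields a self-registering client may send.
type registration struct {
	Username string `json:"username"`
	Email    string `json:"email"`
	Password string `json:"password"`
}

// hardenedRegister decodes into the allow-list only; unknown fields are rejected.
func hardenedRegister(body []byte) (User, error) {
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields()
	var r registration
	if err := dec.Decode(&r); err != nil {
		return User{}, fmt.Errorf("registration rejected: %w", err)
	}
	return User{Username: r.Username, Email: r.Email, Password: r.Password}, nil
}

func main() {
	body := []byte(`{"username":"eve","email":"eve@example.invalid","password":"pw","has_admin_role":true}`) // constructed tampered request
	v, _ := vulnerableRegister(body)
	_, err := hardenedRegister(body)
	fmt.Printf("vulnerable grants admin: %v\nhardened: %v\n", v.HasAdminRole, err)
}
```

Detection on the server side follows the same allow-list: a registration request carrying fields outside the form's schema is worth logging and alerting on, not silently accepting.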



Source: www.cnblogs.com/kuaile1314/p/11610817.html