Release Date: 2019-12-03
Updated: 2019-12-06
Affected Systems:
Harbor Harbor 1.9.*
Harbor Harbor 1.8.*
Harbor Harbor 1.7.*
Systems affected:
Harbor Harbor 1.9.3
Harbor Harbor 1.8.6
Description:
CVE (CAN) ID: CVE-2019-19023
Harbor is an open source image registry that extends the open source Docker Distribution by adding features users commonly need, such as security, identity and management.
Harbor contains a privilege escalation vulnerability that allows an ordinary user to modify a particular user's email address via an API call and thereby obtain administrator account privileges. The vulnerability stems from the Harbor API not applying appropriate permission restrictions to API requests that edit an email address.
<* Source: Anonymous *>
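The kind of permission restriction the description says was missing, as an added Go example (not Harbor's code; the route, the `User` type, the context-based caller lookup and the sample accounts are assumptions made for illustration):

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// User is a hypothetical account record, not Harbor's own type.
type User struct{ ID int; Email string; Admin bool }

type ctxKey struct{} // context key for the authenticated caller

// Constructed sample accounts: ID 1 is the administrator, ID 2 an ordinary user.
var users = map[int]*User{1: {1, "admin@example.test", true}, 2: {2, "dev@example.test", false}}

// updateEmail serves PUT /users/{id}/email (hypothetical route) for the caller in the context.
func updateEmail(w http.ResponseWriter, r *http.Request) {
	caller, _ := r.Context().Value(ctxKey{}).(*User)
	var id int
	_, err := fmt.Sscanf(r.URL.Path, "/users/%d/email", &id)
	switch {
	case caller == nil:
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
	case err != nil || users[id] == nil:
		http.Error(w, "not found", http.StatusNotFound)
	case caller.ID != id && !caller.Admin:
		// A valid session is not enough: only the account owner or an admin may edit.
		http.Error(w, "forbidden", http.StatusForbidden)
	default:
		users[id].Email = r.FormValue("email")
	}
}

// attempt replays a constructed request as callerID and returns the HTTP status.
func attempt(callerID, targetID int, email string) int {
	target := fmt.Sprintf("/users/%d/email?email=%s", targetID, url.QueryEscape(email))
	req := httptest.NewRequest(http.MethodPut, target, nil)
	req = req.WithContext(context.WithValue(req.Context(), ctxKey{}, users[callerID]))
	rec := httptest.NewRecorder()
	updateEmail(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(attempt(2, 1, "other@example.test"), attempt(2, 2, "dev2@example.test"))
}
```

A regression test for the fix should assert both the status code and that the target account's stored email is unchanged after a rejected request.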
Suggestions:
Vendor patch:
Harbor
------
The vendor has released an updated patch that fixes this security issue. Download it from the vendor's page:
https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-ccw6-v682
https://github.com/goharbor/harbor/security/advisories/GHSA-3868-7c5x-4827
https://github.com/goharbor/harbor/security/advisories/GHSA-qcfv-8v29-469w
https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64
https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg
Download link:
https://github.com/goharbor/harbor/releases