What is the severity of CVE-2019-16919?

The severity of CVE-2019-16919 is high.

What is the description of CVE-2019-16919?

CVE-2019-16919 is a Broken Access Control vulnerability in Harbor API that allows project administrators to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for.

How does CVE-2019-16919 affect Harbor API?

CVE-2019-16919 affects Harbor API by not enforcing the proper access controls, allowing project administrators to create unauthorized robot accounts with access permissions to projects they shouldn't have.

What software versions are affected by CVE-2019-16919?

Harbor versions 1.8.0 to 1.8.3, 1.9.0, VMware Cloud Foundation, and Vmware Harbor Container Registry versions 1.7.0 to 1.7.6 and 1.8.0 to 1.8.4 are affected by CVE-2019-16919.

How can I fix CVE-2019-16919?

To fix CVE-2019-16919, update Harbor API to a version that has a fix for this vulnerability.

Vulnerability/
CVE-2019-16919

high

7.5

CWE

276

18/10/2019

5/8/2024

CVE-2019-16919

First published: Fri Oct 18 2019(Updated: )

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Linuxfoundation Harbor	>=1.8.0<=1.8.3
Linuxfoundation Harbor	=1.9.0
VMware Cloud Foundation
Vmware Harbor Container Registry	>=1.7.0<=1.7.6
Vmware Harbor Container Registry	>=1.8.0<1.8.4

Remedy

https://github.com/goharbor/harbor/security/advisories/GHSA-x2r2-w9c7-h624

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-16919?
The severity of CVE-2019-16919 is high.
What is the description of CVE-2019-16919?
CVE-2019-16919 is a Broken Access Control vulnerability in Harbor API that allows project administrators to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for.
How does CVE-2019-16919 affect Harbor API?
CVE-2019-16919 affects Harbor API by not enforcing the proper access controls, allowing project administrators to create unauthorized robot accounts with access permissions to projects they shouldn't have.
What software versions are affected by CVE-2019-16919?
Harbor versions 1.8.0 to 1.8.3, 1.9.0, VMware Cloud Foundation, and Vmware Harbor Container Registry versions 1.7.0 to 1.7.6 and 1.8.0 to 1.8.4 are affected by CVE-2019-16919.
How can I fix CVE-2019-16919?
To fix CVE-2019-16919, update Harbor API to a version that has a fix for this vulnerability.

collector/nvd-index
agent/severity
agent/author
agent/references
agent/weakness
agent/type
agent/event
agent/description
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/linuxfoundation
canonical/linuxfoundation harbor
version/linuxfoundation harbor/1.8.0
version/linuxfoundation harbor/1.8.3
version/linuxfoundation harbor/1.9.0
vendor/vmware
canonical/vmware cloud foundation
canonical/vmware harbor container registry
version/vmware harbor container registry/1.7.0
version/vmware harbor container registry/1.7.6
version/vmware harbor container registry/1.8.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.