Vulnerability Name:

CVE-2019-16097 (CCN-167005)

Assigned:2019-08-12
Published:2019-08-12
Updated:2020-08-24
Summary:core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-862
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2019-16097

Source: CONFIRM
Type: Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2019-0015.html

Source: XF
Type: UNKNOWN
harbor-cve201916097-priv-esc(167005)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517

Source: CCN
Type: Harbor GIT Repository
Comparing changes

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1

Source: MISC
Type: Third Party Advisory
https://github.com/goharbor/harbor/releases/tag/v1.7.6

Source: MISC
Type: Third Party Advisory
https://github.com/goharbor/harbor/releases/tag/v1.8.3

Source: MISC
Type: Third Party Advisory
https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/

Source: CCN
Type: VMware Security Advisory VMSA-2019-0015
VMware Cloud Foundation and VMware Harbor Container Registry for PCF address remote escalation of privilege vulnerability (CVE-2019-16097)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:linuxfoundation:harbor:1.7.0:-:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.7.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.7.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.8.0:-:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.8.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.8.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.8.2:-:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.8.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.8.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:harbor:1.9.0:rc1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vmware:cloud_foundation:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    linuxfoundation harbor 1.7.0 -
    linuxfoundation harbor 1.7.0 rc1
    linuxfoundation harbor 1.7.0 rc2
    linuxfoundation harbor 1.7.1
    linuxfoundation harbor 1.7.2
    linuxfoundation harbor 1.7.3
    linuxfoundation harbor 1.7.4
    linuxfoundation harbor 1.7.5
    linuxfoundation harbor 1.8.0 -
    linuxfoundation harbor 1.8.0 rc1
    linuxfoundation harbor 1.8.0 rc2
    linuxfoundation harbor 1.8.1
    linuxfoundation harbor 1.8.2 -
    linuxfoundation harbor 1.8.2 rc1
    linuxfoundation harbor 1.8.2 rc2
    linuxfoundation harbor 1.9.0 rc1
    vmware cloud foundation -