4.3

CVE-2019-3990

EPSS 0.31%
Veröffentlicht 03.12.2019 17:15:11
Zuletzt bearbeitet 21.11.2024 04:43:01
Quelle vulnreport@tenable.com
CVE-Watchlists
Login
Unerledigt
Login

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linuxfoundation ≫ Harbor Version >= 1.7.0 <= 1.7.6

Linuxfoundation ≫ Harbor Version >= 1.8.0 <= 1.8.5

Linuxfoundation ≫ Harbor Version1.9.0 Update-

Linuxfoundation ≫ Harbor Version1.9.0 Updaterc1

Linuxfoundation ≫ Harbor Version1.9.0 Updaterc2

Linuxfoundation ≫ Harbor Version1.9.1 Update-

Linuxfoundation ≫ Harbor Version1.9.1 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.54

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg

Patch

Third Party Advisory

https://www.tenable.com/security/research/tra-2019-50

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-3990

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3990

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3990

EUVD