Main Vulnerability Database Vulnerabilities #VU26379

Permissions, Privileges, and Access Controls in VMware Harbor Container Registry for PCF - CVE-2019-19023

Published: March 25, 2020 / Updated: April 7, 2026

Vulnerability identifier: #VU26379

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-19023

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Pivotal

Affected software:
VMware Harbor Container Registry for PCF

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the Harbor API does not enforce the proper permissions and scope on the API request to modify the email address. A remote authenticated attacker can make an API call to modify the email address of a specific user, reset the password for that email address and gain access to that account.

How to mitigate CVE-2019-19023

Install updates from vendor's website.

Permissions, Privileges, and Access Controls in VMware Harbor Container Registry for PCF - CVE-2019-19023

Detailed vulnerability description

How to mitigate CVE-2019-19023

Sources

Please verify you're human