Main Vulnerability Database Vulnerabilities #VU26379

#VU26379 Permissions, Privileges, and Access Controls in VMware Harbor Container Registry for PCF - CVE-2019-19023

Published: March 25, 2020

Vulnerability identifier: #VU26379

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-19023

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
VMware Harbor Container Registry for PCF

Software vendor:
Pivotal

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the Harbor API does not enforce the proper permissions and scope on the API request to modify the email address. A remote authenticated attacker can make an API call to modify the email address of a specific user, reset the password for that email address and gain access to that account.

Remediation

Install updates from vendor's website.

#VU26379 Permissions, Privileges, and Access Controls in VMware Harbor Container Registry for PCF - CVE-2019-19023

Description

Remediation

External links

Please verify you're human