|Number of vulnerabilities||4|
|CVE ID|| CVE-2019-19029
|CWE ID|| CWE-89
VMware Harbor Container Registry for PCF
Server applications /
3) Permissions, Privileges, and Access Controls
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to the Harbor API does not enforce the proper permissions and scope on the API request to modify the email address. A remote authenticated attacker can make an API call to modify the email address of a specific user, reset the password for that email address and gain access to that account.
Install updates from vendor’s website.
Vulnerable software versions
VMware Harbor Container Registry for PCF:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.