Supports Detecting the Privilege Escalation Vulnerability (CVE-2019-16097) in Harbor
Sep 20 2019
Content
Target customers: users who use Harbor 1.7.0 to 1.7.5 or 1.8.0 to 1.8.2. Features released: Harbor is an enterprise-class registry server that stores and distributes container images. The core/api/user.go file in Harbor 1.7.0 through 1.8.2 allows non-admin users to create administrator accounts. Attackers can exploit this vulnerability to create administrator accounts and take over Harbor by sending a malicious request. We recommend that users upgrade Harbor to 1.7.6 or 1.8.3. For more information, see https://github.com/goharbor/harbor/releases. We recommend that Harbor users scan for this vulnerability as soon as possible.