A user enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint, which is supposed to be restricted to administrators. This restriction can be bypassed, and information about registered users can be obtained via the "search" functionality.
References
Link | Resource |
---|---|
https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg | Patch Third Party Advisory |
https://www.tenable.com/security/research/tra-2019-50 | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: tenable
Published: 2019-12-03T16:55:15
Updated: 2019-12-03T16:55:15
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3990
NVD Information
Status: Analyzed
Published: 2019-12-03T17:15:11.727
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-3990