CVE-2019-19026

Опубликовано: 20 мар. 2020

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.

Ссылки

https://github.com/goharbor/harbor/security/advisories
Third Party Advisory
https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64
Third Party Advisory
https://tanzu.vmware.com/security/cve-2019-19026
Third Party Advisory
https://github.com/goharbor/harbor/security/advisories
Third Party Advisory
https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64
Third Party Advisory
https://tanzu.vmware.com/security/cve-2019-19026
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*

Версия от 1.7.0 (включая) до 1.8.6 (исключая)

cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*

Версия от 1.9.0 (включая) до 1.9.3 (исключая)

Конфигурация 2

cpe:2.3:a:pivotal:vmware_harbor_registry:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00571

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-w4x5-jqq4-qc8x