CVE-2019-3990

Опубликовано: 03 дек. 2019

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality.

Ссылки

https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg
Patch
Third Party Advisory
https://www.tenable.com/security/research/tra-2019-50
Third Party Advisory
https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg
Patch
Third Party Advisory
https://www.tenable.com/security/research/tra-2019-50
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*

Версия от 1.7.0 (включая) до 1.7.6 (включая)

cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*

Версия от 1.8.0 (включая) до 1.8.5 (включая)

cpe:2.3:a:linuxfoundation:harbor:1.9.0:-:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:harbor:1.9.0:rc1:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:harbor:1.9.0:rc2:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:harbor:1.9.1:-:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:harbor:1.9.1:rc1:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00191

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-269