CVE-2019-19026

MEDIUM

Description

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.

References

https://github.com/goharbor/harbor/security/advisories

https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64

https://tanzu.vmware.com/security/cve-2019-19026

Details

Source: MITRE

Published: 2020-03-20

Updated: 2020-03-20

Type: CWE-89

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 4.9

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.2

Severity: MEDIUM

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
132856VMware Harbor 1.7.x, 1.8.x < 1.8.6 / 1.9.x < 1.9.3NessusMisc.
medium