VMware Harbor 1.7.x, 1.8.x < 1.8.6 / 1.9.x < 1.9.3

high Nessus Plugin ID 132856

Synopsis

A cloud native registry installed on the remote host is affected multiple vulnerabilities.

Description

The version of VMware Harbor installed on the remote host is 1.7.x or 1.8.x prior to 1.8.6 or 1.9.x prior to 1.9.3. It is, therefore, affected multiple vulnerabilities, including the following:

- A privilege escalation vulnerability that allows an authenticated, normal user to gain administrative account privileges by making an API call to modify the email address of a specific user. An attacker can reset the password for that email address to gain access to the administrative account. This vulnerability exists because the affected Harbor API fails to enforce proper permissions and scope on the API request to modify an email address. (CVE-2019-19023)

- A Cross-Site Request Forgery (CSRF) vulnerability caused by the Harbor web interface failing to implement protection mechanisms against CSRF. An unauthenticated, remote attacker can exploit this, by luring an authenticated user onto a prepared third-party website, in order to execute any action the platform in the context of the currently authenticated victim. (CVE-2019-19025)

- An SQL injection (SQLi) vulnerability which a remote, authenticated user with Project-Admin capabilities can exploit by sending a specially crafted SQL payload in order to read secrets from the underlying database or conduct privilege escalation. (CVE-2019-19029) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update to VMware Harbor version 1.8.6, 1.9.3 or later.

See Also

http://www.nessus.org/u?a9e14e46

http://www.nessus.org/u?b9d62b62

http://www.nessus.org/u?9815c178

http://www.nessus.org/u?1a9ee701

http://www.nessus.org/u?7c3e5deb

Plugin Details

Severity: High

ID: 132856

File Name: vmware_harbor_1_9_3.nasl

Version: 1.3

Type: combined

Family: Misc.

Published: 1/14/2020

Updated: 3/24/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-19025

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:goharbor:harbor

Required KB Items: installed_sw/Harbor

Exploit Ease: No known exploits are available

Patch Publication Date: 11/18/2019

Vulnerability Publication Date: 12/3/2019

Reference Information

CVE: CVE-2019-19023, CVE-2019-19025, CVE-2019-19026, CVE-2019-19029, CVE-2019-3990