VMware Harbor 1.7.x, 1.8.x < 1.8.6 / 1.9.x < 1.9.3

medium Nessus Plugin ID 132856
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 5.9

Synopsis

A cloud native registry installed on the remote host is affected multiple vulnerabilities.

Description

The version of VMware Harbor installed on the remote host is 1.7.x or 1.8.x prior to 1.8.6 or 1.9.x prior to 1.9.3. It is, therefore, affected multiple vulnerabilities, including the following:

- A privilege escalation vulnerability that allows an authenticated, normal user to gain administrative account privileges by making an API call to modify the email address of a specific user. An attacker can reset the password for that email address to gain access to the administrative account. This vulnerability exists because the affected Harbor API fails to enforce proper permissions and scope on the API request to modify an email address. (CVE-2019-19023)

- A Cross-Site Request Forgery (CSRF) vulnerability caused by the Harbor web interface failing to implement protection mechanisms against CSRF. An unauthenticated, remote attacker can exploit this, by luring an authenticated user onto a prepared third-party website, in order to execute any action the platform in the context of the currently authenticated victim. (CVE-2019-19025)

- An SQL injection (SQLi) vulnerability which a remote, authenticated user with Project-Admin capabilities can exploit by sending a specially crafted SQL payload in order to read secrets from the underlying database or conduct privilege escalation. (CVE-2019-19029) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update to VMware Harbor version 1.8.6, 1.9.3 or later.

See Also

http://www.nessus.org/u?a9e14e46

http://www.nessus.org/u?b9d62b62

http://www.nessus.org/u?9815c178

http://www.nessus.org/u?1a9ee701

http://www.nessus.org/u?7c3e5deb

Plugin Details

Severity: Medium

ID: 132856

File Name: vmware_harbor_1_9_3.nasl

Version: 1.3

Type: combined

Family: Misc.

Published: 1/14/2020

Updated: 3/24/2020

Dependencies: 130456, 129979

Risk Information

Risk Factor: Medium

VPR Score: 5.9

CVSS Score Source: CVE-2019-19025

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:goharbor:harbor

Required KB Items: installed_sw/Harbor

Exploit Available: undefined

Exploit Ease: No known exploits are available

Patch Publication Date: 11/18/2019

Vulnerability Publication Date: 12/3/2019

Reference Information

CVE: CVE-2019-3990, CVE-2019-19023, CVE-2019-19025, CVE-2019-19026, CVE-2019-19029