CSRF Vulnerability in VMware Harbor Container Registry by Cloud Native Computing Foundation
CVE-2019-19025

8.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 20 March 2020

Summary

The VMware Harbor Container Registry, developed by the Cloud Native Computing Foundation, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability in versions prior to 1.8.6 and 1.9.3. This flaw can allow an attacker to perform unauthorized actions on behalf of an authenticated user, potentially compromising the integrity and security of the affected systems. Users of the impacted versions are encouraged to upgrade to the latest versions to mitigate this risk. For detailed information, consult the security advisories on GitHub and VMware's official security pages.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
