SQL Injection Vulnerability in VMware Harbor Container Registry
CVE-2019-19026

4.9MEDIUM

Key Information:

Vendor
Linux
Status
Harbor
Vendor
CVE Published:
20 March 2020

Summary

A SQL Injection vulnerability exists in VMware Harbor Container Registry, which impacts versions prior to 1.8.6 and 1.9.3. This vulnerability allows attackers to manipulate project quotas, potentially compromising the application's data integrity and security. By exploiting this flaw, unauthorized users may gain access to sensitive information or execute arbitrary SQL commands within the database.

References

https://github.com/goharbor/harbor/security/advisories
x_refsource_MISC
https://tanzu.vmware.com/security/cve-2019-19026
x_refsource_CONFIRM
https://github.com/goharbor/harbor/security/advisories/GH...
x_refsource_MISC

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.