SQL Injection Vulnerability in VMware Harbor Container Registry
CVE-2019-19029

7.2HIGH

Key Information:

Vendor
Linux
Status
Harbor
Vendor
CVE Published:
20 March 2020

Summary

The VMware Harbor Container Registry is vulnerable to SQL Injection through the management of user-groups, exposed prior to versions 1.8.6 and 1.9.3. This flaw could allow an attacker to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the data stored in the registry. It is critical for users to patch their installations to mitigate this risk and ensure the security of their container deployments.

References

https://github.com/goharbor/harbor/security/advisories
x_refsource_MISC
https://tanzu.vmware.com/security/cve-2019-19029
x_refsource_CONFIRM
https://github.com/goharbor/harbor/security/advisories/GH...
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.