CVE-2019-3990

4.3MEDIUM

Key Information:

Vendor: Linux
Status: Harbor
Vendor: CVE Published:; 3 December 2019

Summary

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality.

Affected Version(s)

Harbor Harbor versions 1.9.1 and prior

References

https://www.tenable.com/security/research/tra-2019-50

x_refsource_MISC

https://github.com/goharbor/harbor/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 3, 2019
Vulnerability Reserved
Jan 3, 2019