← Zuruck zu CVEs
CVE-2019-3990
MEDIUM4.3
Beschreibung
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality.
CVE Details
CVSS v3.1 Bewertung4.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht12/3/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
linuxfoundation:harbor
Schwachen (CWE)
CWE-269
Referenzen
https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-2019-50(vulnreport@tenable.com)
https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/research/tra-2019-50(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.