Harbor Unauthorized creation of administrator vulnerability CVE-2019-16097
Vulnerability Description
Recently, an arbitrary administrator registration vulnerability was disclosed in the Harbor image registry. By including a specific string in a request, an attacker could create an administrator account without authorization and thereby take over the Harbor registry.
Harbor is an enterprise-class Registry server for storing and distributing Docker images.
Vulnerability Impact
Harbor version 1.7.0 to version 1.8.2
Network surveying and mapping
title="Harbor"
Vulnerability Reproduction
The login page is as follows
Send a user-creation request to the /api/user interface. A 201 status code in the response indicates that the account was created.
Log in to the management console with the created account; the login succeeds.
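A defender-side triage for the behaviour described above, as an added example that is not part of the original post or of Harbor's code: it checks a version string against the affected range stated here and lists successful user-creation requests found in proxy access logs. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Affected range as stated on this page: Harbor 1.7.0 through 1.8.2.
AFFECTED_MIN, AFFECTED_MAX = (1, 7, 0), (1, 8, 2)

# Combined-log-format line (assumed format of the proxy access log).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# The page names /api/user; the optional "s" also accepts /api/users (assumption).
USER_CREATE_RE = re.compile(r'^/api/users?/?(?:\?.*)?$')


def is_affected(version):
    """True if a version string such as 'v1.8.1' is inside the affected range."""
    m = re.match(r'^v?(\d+)\.(\d+)\.(\d+)', version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX


def find_user_creations(lines):
    """Return (timestamp, client_ip) for each successful user-creation request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if (m["method"] == "POST" and m["status"] == "201"
                and USER_CREATE_RE.match(m["path"])):
            hits.append((m["ts"], m["ip"]))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Sep/2019:10:02:11 +0000] "GET /api/users/current HTTP/1.1" 401 25 "-" "curl/7.58.0"',
    '198.51.100.7 - - [18/Sep/2019:10:02:15 +0000] "POST /api/users HTTP/1.1" 201 0 "-" "curl/7.58.0"',
    '192.0.2.10 - - [18/Sep/2019:10:05:40 +0000] "POST /api/users HTTP/1.1" 409 32 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [18/Sep/2019:10:06:02 +0000] "POST /api/user HTTP/1.1" 201 0 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    print("1.8.1 affected:", is_affected("1.8.1"))
    for ts, ip in find_user_creations(SAMPLE_LOG):
        print("review account created at", ts, "from", ip)
```

Hits also include legitimate self-registration and accounts created by administrators, so each one is a lead to compare against the registry's user list for unexpected administrator accounts.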
This post is licensed under CC BY 4.0 by the author.