PT-2019-4005 · VMware · Harbor

Michmike · Published 2019-10-15 · Updated 2020-04-01 · CVE-2019-16919

CVSS v2.0

7.8 (High)

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Harbor (affected versions not specified)

Description

The issue is a Broken Access Control vulnerability in the Harbor API. It allows project administrators to create a robot account with unauthorized push and/or pull access permissions to a project they do not have access to or control over. The Harbor API fails to enforce proper project permissions and project scope on API requests to create new robot accounts. A remote attacker can exploit the vulnerability to elevate their privileges and gain unauthorized access to adjacent projects.

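The kind of server-side check whose absence the description reports, written here as an added example; it is not Harbor's code or its fix. The `/project/<id>/repository` resource format, the `RobotAccess` type and the `ValidateRobotScope` function are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// RobotAccess is one permission entry in a robot-account creation request.
// The "/project/<id>/repository" resource shape is assumed for this example.
type RobotAccess struct {
	Resource string
	Action   string
}

var allowedActions = map[string]bool{"push": true, "pull": true}

// ValidateRobotScope accepts a request only if the caller administers the project
// in the request path AND every requested resource is inside that same project.
func ValidateRobotScope(pathProjectID int64, callerAdminOf map[int64]bool, access []RobotAccess) error {
	if !callerAdminOf[pathProjectID] {
		return fmt.Errorf("caller is not an administrator of project %d", pathProjectID)
	}
	if len(access) == 0 {
		return fmt.Errorf("no access entries requested")
	}
	want := strconv.FormatInt(pathProjectID, 10)
	for _, a := range access {
		parts := strings.Split(a.Resource, "/")
		// Expect exactly ["", "project", "<id>", "repository"].
		if len(parts) != 4 || parts[0] != "" || parts[1] != "project" || parts[3] != "repository" {
			return fmt.Errorf("malformed resource %q", a.Resource)
		}
		if parts[2] != want {
			return fmt.Errorf("resource %q is outside project %d", a.Resource, pathProjectID)
		}
		if !allowedActions[a.Action] {
			return fmt.Errorf("action %q is not permitted for robot accounts", a.Action)
		}
	}
	return nil
}

func main() {
	admin := map[int64]bool{1: true} // constructed: caller administers project 1 only
	req := []RobotAccess{{Resource: "/project/2/repository", Action: "pull"}} // constructed
	fmt.Println(ValidateRobotScope(1, admin, req))
}
```

The check compares the project in each requested resource with the project in the request path, so a body that names a different project is rejected even when the caller is a legitimate administrator of the path project.
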
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

BDU:2019-04536
CVE-2019-16919
GHSA-X2R2-W9C7-H624

Affected Products

Harbor