PT-2020-5956 · Cloud Native Computing Foundation · Harbor

Published

2020-03-19

·

Updated

2024-08-21

·

CVE-2019-19025

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cloud Native Computing Foundation Harbor versions prior to 1.8.6, and 1.9.x prior to 1.9.3
Description: The vulnerability is a Cross-Site Request Forgery (CSRF) in the Harbor web interface, which did not implement any anti-CSRF mechanism (no per-session token validated on state-changing requests). Because the browser attaches the Harbor session cookie to any request sent to the Harbor origin, a page on an attacker-controlled site can submit a state-changing request (for example, creating a user or changing project membership) and Harbor processes it as if the victim had issued it. Exploitation requires user interaction: the victim must be logged in to Harbor and be lured to the prepared third-party page (UI:R in the CVSS vector). Successful exploitation lets a third party perform actions on the platform with the privileges of the authenticated victim, including administrators.
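To make the class of flaw concrete, the following added example (written for this page; it is not Harbor's code, and the endpoint path, cookie name, header name `X-CSRF-Token` and synchronizer-token scheme are illustrative assumptions) contrasts a cookie-only authenticated Go handler with one that also checks the request Origin and a per-session token. It then replays the two requests a browser would send: a form auto-submitted from an attacker page, and a legitimate call from the UI. Only the second can carry the custom header, so the hardened handler rejects the forged request while the vulnerable one creates the attacker's user.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// store is a constructed, in-memory stand-in for a session store and user
// database (single goroutine, so no locking); it only gives the handlers state.
type store struct {
	sessions map[string]string // session id -> per-session CSRF token
	users    []string          // users "created" by the endpoint: the observable side effect
}

func newStore() *store { return &store{sessions: map[string]string{}} }

func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// login mints a session cookie value and the synchronizer token bound to it.
func (s *store) login() (sid, token string) {
	sid, token = randomHex(16), randomHex(16)
	s.sessions[sid] = token
	return sid, token
}

// tokenFor resolves the "sid" cookie to the session's expected CSRF token.
func (s *store) tokenFor(r *http.Request) (string, bool) {
	c, err := r.Cookie("sid")
	if err != nil {
		return "", false
	}
	tok, ok := s.sessions[c.Value]
	return tok, ok
}

// vulnerableCreateUser authenticates by session cookie alone. Browsers attach
// that cookie to a form POST from any site, so a cross-site page can drive it.
func (s *store) vulnerableCreateUser(w http.ResponseWriter, r *http.Request) {
	if _, ok := s.tokenFor(r); !ok {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	s.users = append(s.users, r.FormValue("username"))
	w.WriteHeader(http.StatusCreated)
}

// hardenedCreateUser additionally requires (1) an Origin header, when present,
// equal to the UI's own origin and (2) a custom header carrying the session's
// synchronizer token. A cross-site HTML form can supply neither.
func (s *store) hardenedCreateUser(allowedOrigin string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		expected, ok := s.tokenFor(r)
		if !ok {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		if origin := r.Header.Get("Origin"); origin != "" && origin != allowedOrigin {
			http.Error(w, "cross-origin request rejected", http.StatusForbidden)
			return
		}
		got := r.Header.Get("X-CSRF-Token") // header name is an assumption, not Harbor's
		if subtle.ConstantTimeCompare([]byte(got), []byte(expected)) != 1 {
			http.Error(w, "missing or invalid CSRF token", http.StatusForbidden)
			return
		}
		s.users = append(s.users, r.FormValue("username"))
		w.WriteHeader(http.StatusCreated)
	}
}

// post builds the request a browser would send: the session cookie is always
// attached; only the legitimate UI can add the custom token header.
func post(sid, origin, token, username string) *http.Request {
	body := url.Values{"username": {username}}.Encode()
	r := httptest.NewRequest(http.MethodPost, "https://harbor.example/api/users", strings.NewReader(body))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	r.Header.Set("Origin", origin)
	r.AddCookie(&http.Cookie{Name: "sid", Value: sid})
	if token != "" {
		r.Header.Set("X-CSRF-Token", token)
	}
	return r
}

type outcome struct {
	CrossSite, Legit int      // HTTP status codes
	Users            []string // users that actually got created
}

// simulate replays a forged request (attacker page auto-submitting a form) and a
// legitimate UI request against the chosen handler and reports what happened.
func simulate(hardened bool) outcome {
	s := newStore()
	var h http.HandlerFunc = s.vulnerableCreateUser
	if hardened {
		h = s.hardenedCreateUser("https://harbor.example")
	}
	sid, token := s.login() // the victim is logged in, e.g. as an administrator

	cross := httptest.NewRecorder()
	h.ServeHTTP(cross, post(sid, "https://attacker.example", "", "backdoor-admin"))

	legit := httptest.NewRecorder()
	h.ServeHTTP(legit, post(sid, "https://harbor.example", token, "alice"))

	return outcome{CrossSite: cross.Code, Legit: legit.Code, Users: append([]string(nil), s.users...)}
}

func main() {
	fmt.Printf("vulnerable: %+v\n", simulate(false)) // forged request accepted
	fmt.Printf("hardened:   %+v\n", simulate(true))  // forged request rejected
}
```

The Origin check alone is not sufficient (older clients may omit the header, which is why the code only rejects a present-but-wrong Origin), and the token check alone is what the Harbor fix category amounts to; the two are layered here so that a forged request fails even if one check is misconfigured.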
Recommendations: Update to version 1.8.6 or 1.9.3 (or later) to patch this issue. As a temporary workaround, restrict network access to the Harbor web interface. Note that this only narrows who can reach the interface: a CSRF request is issued by the victim's own browser, which already has access, so restriction reduces exposure but does not prevent exploitation. Until patched, administrators should also log out of Harbor before browsing other sites, since a session that is not active cannot be ridden.

Fix

CSRF

Weakness Enumeration

Related Identifiers

BDU:2021-02130
CVE-2019-19025
GHSA-GCQM-V682-CCW6
GHSA-RFFR-C932-CPXV
GO-2022-0876

Affected Products

Harbor