CVE-2019-19091

Current Description

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.

Basic Data

Published: March 20, 2020
Last Modified: March 20, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-89
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.5
Severity: MEDIUM
Exploitability Score: 8.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Cncf | Harbor | * | * | * | * | * | * | * | * | 1.7.0 |  |  | 1.8.6
    2.3 | Application | Cncf | Harbor | * | * | * | * | * | * | * | * | 1.9.0 |  |  | 1.9.3
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Pivotal | Vmware Harbor Registry | - | * | * | * | * | * | * | * |  |  |  |

Vulnerable Software List

Vendor | Product | Versions
Cncf | Harbor | *
Pivotal | Vmware Harbor Registry | -

References

Name | Source | URL | Tags
https://github.com/goharbor/harbor/security/advisories | MISC | https://github.com/goharbor/harbor/security/advisories | Third Party Advisory
https://github.com/goharbor/harbor/security/advisories/GHSA-qcfv-8v29-469w | MISC | https://github.com/goharbor/harbor/security/advisories/GHSA-qcfv-8v29-469w | Third Party Advisory
https://tanzu.vmware.com/security/cve-2019-19029 | CONFIRM | https://tanzu.vmware.com/security/cve-2019-19029 | Third Party Advisory