CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19023
https://notcve.org/view.php?id=CVE-2019-19023
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. Cloud Native Computing Foundation Harbor versiones anteriores a 1.8.6 y 1.9.3, presenta una Vulnerabilidad de Escalada de Privilegios en el VMware Harbor Container Registry para la Pivotal Platform. • https://github.com/goharbor/harbor/security/advisories https://tanzu.vmware.com/security/cve-2019-19023 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19029
https://notcve.org/view.php?id=CVE-2019-19029
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. Cloud Native Computing Foundation Harbor versiones anteriores a 1.8.6 y 1.9.3, permite una inyección SQL por medio de grupos de usuarios en el VMware Harbor Container Registry para la Pivotal Platform. • https://github.com/goharbor/harbor/security/advisories https://github.com/goharbor/harbor/security/advisories/GHSA-qcfv-8v29-469w https://tanzu.vmware.com/security/cve-2019-19029 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19026
https://notcve.org/view.php?id=CVE-2019-19026
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. Cloud Native Computing Foundation Harbor versiones anteriores a 1.8.6 y 1.9.3, permite una inyección SQL por medio de cuotas de proyecto en el VMware Harbor Container Registry para la Pivotal Platform. • https://github.com/goharbor/harbor/security/advisories https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64 https://tanzu.vmware.com/security/cve-2019-19026 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19025
https://notcve.org/view.php?id=CVE-2019-19025
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. Cloud Native Computing Foundation Harbor versiones anteriores a 1.8.6 y 1.9.3, permite un ataque de tipo CSRF en el VMware Harbor Container Registry para la Pivotal Platform. • https://github.com/goharbor/harbor/security/advisories https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-v682-ccw6 https://tanzu.vmware.com/security/cve-2019-19025 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3990
https://notcve.org/view.php?id=CVE-2019-3990
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality. Se presenta un fallo de Enumeración de Usuarios en Harbor. • https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg https://www.tenable.com/security/research/tra-2019-50 • CWE-269: Improper Privilege Management •