CVE-2019-16097: Improper Access Control
core/api/user.go in Harbor allows non-admin users to create admin accounts via the POST /api/users API when Harbor is set up with DB as the authentication backend and allows users to self-register.
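The access-control rule a user-creation endpoint needs in this configuration, as an added example that is not Harbor's own code. It assumes the admin flag arrives as a field of the creation request; the type, field and function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types for illustration; not Harbor's own structs.
type Caller struct {
	Name    string
	IsAdmin bool
}

// NewUser models the body of a user-creation request.
type NewUser struct {
	Username string
	Admin    bool // assumption: privilege flag supplied by the client
}

var (
	ErrRegistrationClosed = errors.New("self-registration is disabled")
	ErrForbiddenRole      = errors.New("only an admin may create an admin account")
)

// AuthorizeCreate decides whether caller (nil = anonymous) may create req.
func AuthorizeCreate(caller *Caller, selfRegistration bool, req NewUser) error {
	if caller != nil && caller.IsAdmin {
		return nil // admins may create any account, with or without the flag
	}
	// Non-admin callers reach this endpoint only via self-registration.
	if !selfRegistration {
		return ErrRegistrationClosed
	}
	// A client-supplied privilege flag from a non-admin caller must be
	// rejected rather than stored as sent.
	if req.Admin {
		return ErrForbiddenRole
	}
	return nil
}

func main() {
	alice := &Caller{Name: "alice"} // constructed sample callers
	root := &Caller{Name: "root", IsAdmin: true}
	fmt.Println(AuthorizeCreate(nil, true, NewUser{"bob", false}))
	fmt.Println(AuthorizeCreate(alice, true, NewUser{"eve", true}))
	fmt.Println(AuthorizeCreate(root, false, NewUser{"ops", true}))
}
```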