Base Score

MEDIUM5.3

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.

VectorNETWORK

Published Bycve@mitre.org

Published DateDec 26, 2022, 22:15

Affected Versions(2)

github.com/goharbor/harbor(Go)

Introduced1.7.0

Fixed1.10.3

LimitN/A

github.com/goharbor/harbor(Go)

Introduced2.0.0

Fixed2.0.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/goharbor/harbor(Go)	1.7.0	1.10.3	N/A
github.com/goharbor/harbor(Go)	2.0.0	2.0.1	N/A

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

https://github.com/goharbor/harbor/security/advisories/GHSA-q9x4-q76f-5h5j

Base Score

MEDIUM5.3

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE