Closed
CVE-2019-3990 references github.com/goharbor/harbor, which may be a Go module.
Description:
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction can be bypassed, and information about registered users can be obtained via the "search" functionality.
References:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-3990
- web: https://www.tenable.com/security/research/tra-2019-50
- advisory: GHSA-6qj9-33j4-rvhg
- Imported by: https://pkg.go.dev/github.com/goharbor/harbor?tab=importedby
Cross references:
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-q9x4-q76f-5h5j #704 EFFECTIVELY_PRIVATE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-33p6-fx42-7rf5 #781 NOT_IMPORTABLE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-38r5-34mr-mvm7 #785 NOT_IMPORTABLE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-jr34-mff8-pc6f #853 NOT_IMPORTABLE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-q6cj-6jvq-jwmh #863 NOT_IMPORTABLE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-rffr-c932-cpxv #876 NOT_IMPORTABLE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-w4x5-jqq4-qc8x #883 NOT_IMPORTABLE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31667, GHSA-xx9w-464f-7h6f #1009 EFFECTIVELY_PRIVATE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31669, GHSA-8c6p-v837-77f6 #1010 EFFECTIVELY_PRIVATE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31666, GHSA-jf8p-3vjh-pq94 #1011 EFFECTIVELY_PRIVATE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31670, GHSA-3637-v6vq-xqqw #1012 EFFECTIVELY_PRIVATE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31671, GHSA-q76q-q8hw-hmpw #1013 EFFECTIVELY_PRIVATE
- Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-mq6f-5xh5-hgcf #2109 EFFECTIVELY_PRIVATE
See doc/triage.md for instructions on how to triage this report.
modules:
    - module: github.com/goharbor/harbor
      vulnerable_at: 2.9.1+incompatible
      packages:
        - package: Harbor
cves:
    - CVE-2019-3990
references:
    - web: https://www.tenable.com/security/research/tra-2019-50
    - advisory: https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg