CVE-2019-3990

Source
https://cve.org/CVERecord?id=CVE-2019-3990
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3990.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3990
Aliases
  • GHSA-6qj9-33j4-rvhg
Published
2019-12-03T17:15:11.727Z
Modified
2026-07-09T01:06:35.985900Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality.

References

Affected packages

Git / github.com/goharbor/harbor

Affected ranges

Type
GIT
Repo
https://github.com/goharbor/harbor
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:linuxfoundation:harbor:1.9.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:linuxfoundation:harbor:1.9.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:linuxfoundation:harbor:1.9.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:linuxfoundation:harbor:1.9.1:-:*:*:*:*:*:*",
        "cpe:2.3:a:linuxfoundation:harbor:1.9.1:rc1:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "1.7.0"
        },
        {
            "last_affected": "1.7.6"
        },
        {
            "introduced": "1.8.0"
        },
        {
            "last_affected": "1.8.5"
        },
        {
            "introduced": "1.9.0-NA"
        },
        {
            "last_affected": "1.9.0-NA"
        },
        {
            "introduced": "1.9.0-rc1"
        },
        {
            "last_affected": "1.9.0-rc1"
        },
        {
            "introduced": "1.9.0-rc2"
        },
        {
            "last_affected": "1.9.0-rc2"
        },
        {
            "introduced": "1.9.1-NA"
        },
        {
            "last_affected": "1.9.1-NA"
        },
        {
            "introduced": "1.9.1-rc1"
        },
        {
            "last_affected": "1.9.1-rc1"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

1.*
1.9.0-NA
1.9.0-rc1
1.9.0-rc2
1.9.1-NA
1.9.1-rc1
v1.*
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.6-rc1
v1.8.0
v1.8.1
v1.8.2
v1.8.2-rc1
v1.8.2-rc2
v1.8.3
v1.8.3-rc1
v1.8.4
v1.8.4-rc1
v1.8.5
v1.8.5-rc1
v1.9.0
v1.9.1-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3990.json"