Sat. Dec 7th, 2019

TerabitWeb Blog

Fascinating Technology and Security Information

VMware patches critical bug in Harbor Container Registry for PCF

2 min read

Original Post from SC Magazine
Author: Bradley Barth

VMware yesterday issued a security advisory acknowledging a critical “broken access control” vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry (PCF).

According to the advisory, malicious actors with administrative access to a project could potentially exploit the flaw in order to “create a robot account inside of an adjacent project via the Harbor API.” Doing so would allow them to push, pull or modify images in the targeted adjacent project.

Designated CVE-2019-16919, the vulnerability was assigned a maximum CVSSv3 base score of 9.1. Versions 1.8.x of the Harbor product, which is an enterprise-class registry server for storage and distribution of container images, are fixed with the release of v 1.8.4. (Versions 1.7.x are unaffected.) A patch is still pending for the company’s VMware Cloud Foundation integrated software stack.

The post VMware patches critical bug in Harbor Container Registry for PCF appeared first on SC Media.


Go to Source
Author: Bradley Barth

Leave a Reply

Copyright © All rights reserved. | Newsphere by AF themes.