Medium severity6.5NVD Advisory· Published Sep 8, 2019· Updated Jun 17, 2026
CVE-2019-16097
CVE-2019-16097
Description
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/goharbor/harborGo | >= 1.7.0, < 1.9.0-rc1 | 1.9.0-rc1 |
Affected products
2- Harbor/Harbordescription
Patches
Vulnerability mechanics
References
9- github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517nvdPatchThird Party AdvisoryWEB
- github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1nvdPatchThird Party AdvisoryWEB
- www.vmware.com/security/advisories/VMSA-2019-0015.htmlnvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-9wvh-ff5f-xjpjghsaADVISORY
- github.com/goharbor/harbor/releases/tag/v1.7.6nvdThird Party AdvisoryWEB
- github.com/goharbor/harbor/releases/tag/v1.8.3nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2019-16097ghsaADVISORY
- unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/nvdThird Party Advisory
- unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097ghsaWEB
News mentions
0No linked articles in our index yet.