Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-16097 PoC — Harbor 权限许可和访问控制问题漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Harbor%20%E6%9C%AA%E6%8E%88%E6%9D%83%E5%88%9B%E5%BB%BA%E7%AE%A1%E7%90%86%E5%91%98%E6%BC%8F%E6%B4%9E%20CVE-2019-16097.md
Associated Vulnerability
Title:Harbor 权限许可和访问控制问题漏洞 (CVE-2019-16097)
Description:core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
File Snapshot

 # Harbor 未授权创建管理员漏洞 CVE-2019-16097

## 漏洞描述

近日,镜像仓库Harbor爆出任意管理员注册漏洞,攻击者在请求中构造特定字符串,在未授权的情况下可以直接创建管

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →