This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: A critical privilege escalation flaw in Harbor's user registration API. …
**Root Cause**: Improper Access Control in `core/api/user.go`. **Flaw**: The system fails to validate the `has_admin_role` parameter during user creation, allowing unprivileged users to self-assign admin rights.
Q3 Who is affected? (Versions/Components)
**Component**: Harbor (open-source cloud native registry). **Affected Versions**: **1.7.0** through **1.8.2**. **Safe Versions**: 1.7.6 and 1.8.3+.
Q4 What can hackers do? (Privileges/Data)
**Privileges**: Full **Administrator** access. **Data Impact**: Can upload malicious container images, compromise client systems pulling these images, and control the entire registry infrastructure.
Q5 Is the exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. **Auth Required**: None. **Config**: Exploits the public registration API endpoint. No prior credentials are needed to trigger the vulnerability.
Q6 Is there a public exploit? (PoC/Wild Exploitation)
**Public Exploit?**: **YES**. **PoCs**: Multiple Python scripts available on GitHub (e.g., `harbor-give-me-admin`, `CVE-2019-16097-batch`). **Wild Exploitation**: Active scanning and exploitation tools exist.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Use batch scanning scripts (Python). **Method**: Send a POST request with `"has_admin_role": true` to `/api/users`. …
Q8 Is it fixed? (Patch/Reference)
**Fixed?**: **YES**. **Patch**: Upgrade to **Harbor v1.7.6** or **v1.8.3**. **Reference**: Official GitHub releases and commits have addressed this access control issue.
Q9 What if no patch? (Workaround)
**No-Patch Workaround**: Disable public user registration in the Harbor configuration. **Mitigation**: Restrict access to the `/api/users` endpoint via a WAF or network ACLs if upgrading is delayed.
Q10 Is it urgent? (Priority Suggestion)
**Urgency**: **CRITICAL**. **Priority**: **P1**. Immediate patching is required. The ability to gain admin access without credentials poses an existential threat to container security infrastructure.
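The access-control defect the analysis describes (the `has_admin_role` body field deciding the privilege of a self-registered user), shown as an added illustration in Go, Harbor's language. This is a reconstruction of the pattern beside its hardened form, not Harbor's own code from `core/api/user.go`; the request struct, the function names and the `callerIsAdmin` flag are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Hypothetical request shape keyed on the has_admin_role field the analysis names.
type userReq struct {
	Username     string `json:"username"`
	HasAdminRole bool   `json:"has_admin_role"`
}
type user struct {
	Username string
	Admin    bool
}

var errForbidden = errors.New("has_admin_role may only be set by an administrator")

// createUserVulnerable copies has_admin_role straight from the request body,
// so an unauthenticated self-registration decides its own privilege level.
func createUserVulnerable(body []byte) (user, error) {
	var req userReq
	if err := json.Unmarshal(body, &req); err != nil {
		return user{}, err
	}
	return user{Username: req.Username, Admin: req.HasAdminRole}, nil
}

// createUserFixed treats has_admin_role as an admin-only field: an unprivileged caller
// asking for it is rejected (a loggable event) and the stored flag never comes from the body alone.
func createUserFixed(body []byte, callerIsAdmin bool) (user, error) {
	var req userReq
	if err := json.Unmarshal(body, &req); err != nil {
		return user{}, err
	}
	if req.HasAdminRole && !callerIsAdmin {
		return user{}, errForbidden
	}
	return user{Username: req.Username, Admin: req.HasAdminRole && callerIsAdmin}, nil
}

func main() {
	// Constructed sample registration body: the request shape the self-check method sends.
	body := []byte(`{"username":"newuser","has_admin_role":true}`)
	u, _ := createUserVulnerable(body)
	fmt.Printf("vulnerable: admin=%v\n", u.Admin) // prints admin=true
	_, err := createUserFixed(body, false)
	fmt.Printf("fixed (anonymous caller): %v\n", err)
}
```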