CVE-2019-16097 PoC — Harbor 权限许可和访问控制问题漏洞

Source

https://github.com/evilAdan0s/CVE-2019-16097

Associated Vulnerability

Title:Harbor 权限许可和访问控制问题漏洞 (CVE-2019-16097)
Description:Harbor是一款开源的可信云本机注册表。该产品主要用于存储、签名和扫描容器映像以查找漏洞。 Harbor 1.7.0版本至1.8.2版本中的core/api/user.go文件存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞创建admin账户。

Description

CVE-2019-16097 PoC

Readme

# CVE-2019-16097
**本程序只供安全研究使用，请勿用作非法！**
## 漏洞危害
可导致攻击者创建管理员账户，从而上传恶意镜像，导致使用该仓库的客户端被感染
## 漏洞组件
Harbor
## 影响版本
1.7.0-1.8.2
## 修复建议
尽快升级至1.7.6或1.8.3

File Snapshot


 [4.0K]  /data/pocs/15b46aa45df818c4f6c9227f488c0095e53c9900
├── [ 957]  CVE-2019-16097.py
├── [ 11K]  LICENSE
└── [ 303]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!