VMware patches critical bug in Harbor Container Registry for PCF

News by Bradley Barth


VMware has issued a security advisory acknowledging a critical "broken access control" vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry (PCF).

According to the advisory, malicious actors with administrative access to a project could potentially exploit the flaw in order to "create a robot account inside of an adjacent project via the Harbor API." Doing so would allow them to push, pull or modify images in the targeted adjacent project.

Designated CVE-2019-16919, the vulnerability was assigned a maximum CVSSv3 base score of 9.1. Harbor, an enterprise-class registry server for storing and distributing container images, is affected in versions 1.8.x; the flaw is fixed with the release of v1.8.4. (Versions 1.7.x are unaffected.) A patch is still pending for the company’s VMware Cloud Foundation integrated software stack.

The original version of this article was published on SC Media US.
