CVE-2019-16097
published 2019-09-08CVE-2019-16097: core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as…
PriorityP258medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EXPLOIT
EPSS
23.28%
97.5th percentile
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | goharbor_harbor | >= 1.7.0 < 1.9.0-rc1 | 1.9.0-rc1 |
| linuxfoundation | harbor | — | — |
| linuxfoundation | harbor | — | — |
| linuxfoundation | harbor | — | — |
| linuxfoundation | harbor | — | — |
| linuxfoundation | harbor | — | — |
| linuxfoundation | harbor | — | — |
| linuxfoundation | harbor | — | — |
| linuxfoundation | harbor | — | — |
| linuxfoundation | harbor | — | — |
| linuxfoundation | harbor | — | — |
Detection & IOCsextracted from sources · hover to see the quote
command{"username": "testpoc", "has_admin_role": true, "password": "TestPoc!", "email": "[email protected]", "realname": "poc"}
otherhttp.favicon.hash:657337228
othericon_hash=657337228
- →A successful exploitation returns HTTP 201 (user created) or HTTP 409 (username already used), both indicating the payload reached the vulnerable endpoint.
- →Use the Nuclei template CVE-2019-16097.yaml (part of the harbor-workflow) to actively probe Harbor instances for this privilege escalation vulnerability.
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VMware
VMware Cloud Foundation and VMware Harbor Container Registry for PCF address remote escalation of privilege vulnerability (CVE-2019-16097)
vendor_vmware·2019-09-24·CVSS 6.5
CVE-2019-16097 [MEDIUM] VMware Cloud Foundation and VMware Harbor Container Registry for PCF address remote escalation of privilege vulnerability (CVE-2019-16097)
VMSA-2019-0015: VMware Cloud Foundation and VMware Harbor Container Registry for PCF address remote escalation of privilege vulnerability (CVE-2019-16097)
| Advisory Severity | Critical | Synopsis | VMware Cloud Foundation and VMware Harbor Container Registry for PCF address remote escalation of privilege vulnerability (CVE-2019-16097) | Issue Date | 2019-09-24 | Updated On | 2019-12-11 | CVE(s) | CVE-2019-16097 VMware Cloud Foundation VMware Harbor Container Registry for PCF
CVEs: CVE-2019-16097
Affected products: VMware Cloud Foundation
OSV
Missing Authorization in Harbor in github.com/goharbor/harbor
osv·2024-08-21
CVE-2019-16097 Missing Authorization in Harbor in github.com/goharbor/harbor
Missing Authorization in Harbor in github.com/goharbor/harbor
Missing Authorization in Harbor in github.com/goharbor/harbor
OSV
Missing Authorization in Harbor
osv·2022-02-15
CVE-2019-16097 [MEDIUM] Missing Authorization in Harbor
Missing Authorization in Harbor
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API. This is fixed in 1.9.0-rc1.
GHSA
Missing Authorization in Harbor
ghsa·2022-02-15
CVE-2019-16097 [MEDIUM] CWE-862 Missing Authorization in Harbor
Missing Authorization in Harbor
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API. This is fixed in 1.9.0-rc1.
No detection rules found.
Nuclei
Harbor Security Checks
nuclei·CVSS 6.5
CVE-2019-16097 [MEDIUM] Harbor Security Checks
Harbor Security Checks
A simple workflow that runs all Harbor related nuclei templates on a given target.
Template:
id: harbor-workflow
info:
name: Harbor Security Checks
author: pikpikcu
description: A simple workflow that runs all Harbor related nuclei templates on a given target.
workflows:
- template: http/technologies/harbor-detect.yaml
subtemplates:
- template: http/cves/2019/CVE-2019-16097.yaml
Nuclei
Harbor <=1.82.0 - Privilege Escalation
nuclei·CVSS 6.5
CVE-2019-16097 [MEDIUM] Harbor <=1.82.0 - Privilege Escalation
Harbor <=1.82.0 - Privilege Escalation
Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.
Template:
id: CVE-2019-16097
info:
name: Harbor <=1.82.0 - Privilege Escalation
author: pikpikcu
severity: medium
description: Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.
impact: |
Successful exploitation of this vulnerability could allow an attacke
Unit42
Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)
blogs_unit42·2019-09-18·CVSS 6.5
CVE-2019-16097 [MEDIUM] Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)
## Executive Summary
Aviv Sasson, a security researcher from the cloud division of Unit 42, has identified a critical vulnerability in a widespread cloud native registry called Harbor. The vulnerability allows attackers to take over Harbor registries by sending them a malicious request.
The maintainers of Harbor released a patch that closes this critical security hole. Versions 1.7.6 and 1.8.3 include this fix.
Unit 42 has found 1,300 Harbor registries open to the internet with vulnerable default settings, which are currently at risk until they’re updated.
## Background
As part of our initiative to contribute to and improve Cloud Native Computing Foundation
(CNCF) projects, I recently looked at the Harbor project. I found a critical privilege escalation vulnerability that allows anyo
Unit42
Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)
blogs_unit42·2019-09-18·CVSS 6.5
CVE-2019-16097 [MEDIUM] Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)
Threat Research Center
Threat Research
Cloud Cybersecurity Research
## Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)
Aviv Sasson
Published: September 18, 2019
Cloud Cybersecurity Research
Threat Research
Vulnerabilities
CNCF
Containers
CVE-2019-16097
Harbor
## Executive Summary
Aviv Sasson, a security researcher from the cloud division of Unit 42, has identified a critical vulnerability in a widespread cloud native registry called Harbor. The vulnerability allows attackers to take over Harbor registries by sending them a malicious request.
The maintainers of Harbor released a patch that closes this critical security hole. Versions 1.7.6 and 1.8.3 include this fix.
Unit 42 has found 1,300 Harbor registries open to the i
Greynoiseio
NoiseLetter September 2025
blogs_greynoiseio
NoiseLetter September 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
http://www.vmware.com/security/advisories/VMSA-2019-0015.htmlhttps://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1https://github.com/goharbor/harbor/releases/tag/v1.7.6https://github.com/goharbor/harbor/releases/tag/v1.8.3https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/http://www.vmware.com/security/advisories/VMSA-2019-0015.htmlhttps://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1https://github.com/goharbor/harbor/releases/tag/v1.7.6https://github.com/goharbor/harbor/releases/tag/v1.8.3https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
2019-09-08
Published