Network Security, Patch/Configuration Management, Vulnerability Management

VMware patches critical bug in Harbor Container Registry for PCF

VMware yesterday issued a security advisory acknowledging a critical "broken access control" vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry (PCF).

According to the advisory, malicious actors with administrative access to a project could potentially exploit the flaw in order to "create a robot account inside of an adjacent project via the Harbor API." Doing so would allow them to push, pull or modify images in the targeted adjacent project.

Designated CVE-2019-16919, the vulnerability was assigned a maximum CVSSv3 base score of 9.1. Versions 1.8.x of the Harbor product, which is an enterprise-class registry server for storage and distribution of container images, are fixed with the release of v 1.8.4. (Versions 1.7.x are unaffected.) A patch is still pending for the company's VMware Cloud Foundation integrated software stack.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.