VMware yesterday issued a security advisory acknowledging a critical "broken access control" vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry (PCF).

According to the advisory, malicious actors with administrative access to a project could potentially exploit the flaw in order to "create a robot account inside of an adjacent project via the Harbor API." Doing so would allow them to push, pull or modify images in the targeted adjacent project.

Designated CVE-2019-16919, the vulnerability was assigned a maximum CVSSv3 base score of 9.1. Versions 1.8.x of Harbor, an enterprise-class registry server for storing and distributing container images, are fixed with the release of v1.8.4. (Versions 1.7.x are unaffected.) A patch is still pending for the company's VMware Cloud Foundation integrated software stack.
