GMS-2022-58: Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)

February 11, 2022

Sean Wright from Secureworks has discovered an enumeration vulnerability. An attacker can make use of the Harbor API to make unauthenticated calls to the Harbor instance.

References

github.com/advisories/GHSA-q9x4-q76f-5h5j
github.com/goharbor/harbor/security/advisories/GHSA-q9x4-q76f-5h5j

Code Behaviors & Features

Detect and mitigate GMS-2022-58 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →