Critical vulnerability in Harbor cloud native registry allows privilege escalation

• Researchers have found 1,300 vulnerable Harbor registries that could allow anyone to gain admin privileges to the registry under its default settings.
• Once an attacker gains privilege access to a Harbor registry, he could download the images of private projects and inspect them for vulnerabilities.

A security researcher from Palo Alto Networks' Unit 42, Aviv Sasson discovered a critical vulnerability in Harbor cloud native registry that could allow attackers to take control of Harbor registries with the default configuration.

More details about the vulnerability

The privilege escalation vulnerability tracked as CVE-2019-16097 allows attackers to send a malicious request to a vulnerable machine and register a new user with the privileges of an administrator.

• Researchers have found 1,300 vulnerable Harbor registries that could allow anyone to gain admin privileges to the registry under its default settings.
• Once an attacker gains privilege access to a Harbor registry, he could download the images of private projects and inspect them for vulnerabilities.
• They can delete all of the images in the registry or could even upload malicious versions of the images to the registry.

“The attacker can create a new user and set it to be admin. After that, they can connect to Harbor registry via the Docker command line tool with the new credentials and replace the current images with anything they desire. These can include malware, crypto miners or even worse,” Sasson explained.

Patch available

The vulnerability impacts versions 1.7.0 through 1.8.2. However, the Harbor team released the patch to address this issue. The patch is included in the latest Harbor versions 1.7.6 and 1.8.3.

All users are recommended to update their Harbor installations because this vulnerability gives anyone full access to their registry.