New Plug-in for Detecting Harbor Unauthorized Administrator Registration Vulnerability (CVE-2019-16097)
Sep 20 2019
Content
Target customers: users running Harbor 1.7.0 to 1.7.5 or 1.8.0 to 1.8.2.

Features released: The Alibaba Cloud Emergency Response Center has detected an unauthorized administrator registration vulnerability (CVE-2019-16097) in the Harbor image registry. Harbor is an enterprise-grade registry server for storing and distributing Docker images. In the affected versions, the user self-registration handler in core/api/user.go trusts the whole request body: an unauthenticated attacker who adds the administrator-role flag to an otherwise ordinary registration request obtains an administrator account and thereby full control of the registry (its projects, images and credentials). The attack requires only that self-registration is enabled, which is the default for database authentication in these releases.

We recommend that you upgrade Harbor to 1.7.6 or 1.8.3 (the fixed release of the branch you run), then perform a security check: review the user list for unexpected administrator accounts, and audit project membership and robot accounts created around the same time. If you cannot upgrade immediately, disable self-registration as an interim mitigation. For more information, visit https://github.com/goharbor/harbor/releases.
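The following Go program is an added illustration, not code from this page or from the Harbor project. It models the flaw and the shape of the fix with two registration handlers (one that copies the admin flag straight out of the request body, one that refuses it unless the caller already is an administrator), and it adds a small version check against the affected ranges stated above, which is the kind of test a detection plug-in performs first. The JSON field name has_admin_role is assumed from Harbor's public user model and is not stated on this page; the request body and version strings are constructed samples.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// registrationRequest models the subset of Harbor's user object that matters
// here. The json tag has_admin_role is an assumption taken from Harbor's
// public user model; it is not given on this page.
type registrationRequest struct {
	Username     string `json:"username"`
	Email        string `json:"email"`
	Password     string `json:"password"`
	HasAdminRole bool   `json:"has_admin_role"`
}

// user is the account that would be persisted after registration.
type user struct {
	Username string
	Admin    bool
}

// registerVulnerable models the affected behaviour: the decoded body is
// trusted wholesale, so an anonymous caller who sets has_admin_role is
// stored as an administrator.
func registerVulnerable(body []byte) (user, error) {
	var req registrationRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return user{}, err
	}
	return user{Username: req.Username, Admin: req.HasAdminRole}, nil
}

// registerHardened models the fixed behaviour: only an already-authenticated
// administrator may create another administrator, and a non-admin caller who
// asks for the flag is rejected outright rather than silently downgraded, so
// the attempt is visible in logs. callerIsAdmin comes from the server-side
// session, never from the request body.
func registerHardened(body []byte, callerIsAdmin bool) (user, error) {
	var req registrationRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return user{}, err
	}
	if req.HasAdminRole && !callerIsAdmin {
		return user{}, errors.New("only an administrator may create administrator accounts")
	}
	return user{Username: req.Username, Admin: req.HasAdminRole && callerIsAdmin}, nil
}

// vulnerableVersion reports whether a Harbor version string such as "v1.8.1"
// falls inside the affected ranges given on this page: 1.7.0-1.7.5 and
// 1.8.0-1.8.2. Anything that does not parse as major.minor.patch is an error
// rather than a silent "not vulnerable".
func vulnerableVersion(v string) (bool, error) {
	var major, minor, patch int
	if _, err := fmt.Sscanf(strings.TrimPrefix(v, "v"), "%d.%d.%d", &major, &minor, &patch); err != nil {
		return false, fmt.Errorf("unparsable version %q: %w", v, err)
	}
	switch {
	case major == 1 && minor == 7:
		return patch <= 5, nil
	case major == 1 && minor == 8:
		return patch <= 2, nil
	}
	return false, nil
}

func main() {
	// Constructed sample: an anonymous registration that smuggles the admin flag.
	body := []byte(`{"username":"eve","email":"eve@example.com","password":"Pa55w0rd!","has_admin_role":true}`)

	u, _ := registerVulnerable(body)
	fmt.Printf("affected handler: user=%s admin=%v\n", u.Username, u.Admin)

	_, err := registerHardened(body, false)
	fmt.Printf("fixed handler: rejected with: %v\n", err)

	for _, v := range []string{"v1.7.5", "v1.7.6", "v1.8.2", "v1.8.3"} {
		vuln, _ := vulnerableVersion(v)
		fmt.Printf("%s vulnerable=%v\n", v, vuln)
	}
}
```

The version check is the non-intrusive test: compare the version reported by the registry with the affected ranges and flag 1.7.0 through 1.7.5 and 1.8.0 through 1.8.2. The handler pair shows why rejecting, rather than merely ignoring, a client-supplied privilege field is the better fix: a downgrade hides the probe, a 4xx response leaves a trace.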