CVE-2019-19030

MEDIUM

Cloud Native Computing Foundation Harbor <1.10.3, <2.0.1 - Info Dis...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-19030. PoCs published by shodanwashere.

AI-analyzed exploit summary The repository contains a functional exploit script for CVE-2019-19030, which targets Harbor registry versions <1.10.3 and <2.0.1. The script enumerates projects and pulls Docker images, potentially exposing sensitive data.

Description

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.

Exploits (1)

nomisec WORKING POC 1 stars

by shodanwashere · poc

https://github.com/shodanwashere/boatcrash

View Code ZIP pw:eip

The repository contains a functional exploit script for CVE-2019-19030, which targets Harbor registry versions <1.10.3 and <2.0.1. The script enumerates projects and pulls Docker images, potentially exposing sensitive data.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Harbor registry <1.10.3, <2.0.1

No auth needed

Prerequisites: curl · jq · docker · network access to vulnerable Harbor instance

MITRE ATT&CK

T1592 - Gather Victim Host Information T1119 - Automated Collection

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/goharbor/harbor/security/advisories/GHSA-q9x4-q76f-5h5j

Scores

CVSS v3 5.3

EPSS 0.0189

EPSS Percentile 76.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-204

Status published

Products (2)

goharbor/harbor 1.7.0 - 1.10.3Go

linuxfoundation/harbor < 1.10.3

Published Dec 26, 2022

Tracked Since Feb 18, 2026