A critical vulnerability has been found in a popular open source cloud system that can permit attackers to take over registries by giving themselves administrative rights.
On Wednesday, researchers from Palo Alto Networks’ Unit 42 said the bug was uncovered during the analysis of projects connected to the Cloud Native Computing Foundation (CNCF).
The vulnerable software is Harbor, open source cloud registry software for storing, signing, and scanning container images for security issues. The software is compatible with Docker Hub, Docker Registry, and Google Container Registry, among others.