Attackers can exploit a critical security vulnerability in Harbor cloud native registry for container images to obtain admin privileges on a vulnerable hosting system. The security issue allows attackers to send a malicious request to a vulnerable machine and register a new user with the privileges of an administrator. Versions 1.7.0 through 1.8.2 are affected. A patch was available before the release of new versions of the product that address CVE-2019-16097. Researchers found 2,500 open Harbor instances and determined that 1,300 are vulnerable.
Source: https://www.bleepingcomputer.com/news/security/critical-bug-in-harbor-container-registry-gives-admin-access/