Info Disclosure | CVSS 5.3 (medium)
Enumerating Internal Architecture Through a Container Registry
During a black-box assessment of a global infrastructure provider, an unauthenticated Harbor container registry exposed the organization's complete internal project structure — service names, repository counts, team namespaces, and architectural relationships — without requiring any credentials. This is how the registry was found, what it disclosed, and why container registries with open access represent a more serious reconnaissance surface than they appear.