OpenCVE

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linuxfoundation	Harbor

Configuration 1 [-]

cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Vad1mo
https://github.com/lanqingaa/123/blob/main/README.md
https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-12T00:00:00

Updated: 2024-08-03T14:31:46.444Z

Reserved: 2022-12-05T00:00:00

Link: CVE-2022-46463

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-13T00:15:09.673

Modified: 2024-11-21T07:30:36.537

Link: CVE-2022-46463

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3E47565-584B-46C0-B78C-5091758B5F8A", "versionEndIncluding": "2.5.3", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this \"is clearly described in the documentation as a feature.\""}, {"lang": "es", "value": "Un problema de control de acceso en Harbor v1.XX a v2.5.3 permite a los atacantes acceder a repositorios de im\u00e1genes p\u00fablicos y privados sin autenticaci\u00f3n. NOTA: la posici\u00f3n del proveedor es que esto \"se describe claramente en la documentaci\u00f3n como una caracter\u00edstica\"."}], "id": "CVE-2022-46463", "lastModified": "2024-11-21T07:30:36.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-13T00:15:09.673", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Vad1mo"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/lanqingaa/123/blob/main/README.md"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/Vad1mo"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/lanqingaa/123/blob/main/README.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}