Lucene search

GoogleOSV:BIT-HARBOR-2022-46463

HistoryMar 06, 2024 - 10:53 a.m.

BIT-harbor-2022-46463

2024-03-0610:53:25

Google

osv.dev

access control

harbor v1.x.x

v2.5.3

unauthorized access

documentation

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.021 Low

EPSS

Percentile

88.9%

JSON

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor’s position is that this “is clearly described in the documentation as a feature.”

CPENameOperatorVersion
harborge1.1.0
harborlt2.5.3

CPE	Name	Operator	Version
	harbor	ge	1.1.0
	harbor	lt	2.5.3

References

github.com/lanqingaa/123/blob/main/README.md

github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d

github.com/Vad1mo

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.021 Low

EPSS

Percentile

88.9%

JSON

Related for OSV:BIT-HARBOR-2022-46463