CVE-2022-46463

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-46463
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Vad1mo Third Party Advisory
https://github.com/lanqingaa/123/blob/main/README.md Third Party Advisory
https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*
History

11 Apr 2024, 01:17

Type Values Removed Values Added
Summary
  • (es) Un problema de control de acceso en Harbor v1.XX a v2.5.3 permite a los atacantes acceder a repositorios de imágenes públicos y privados sin autenticación. NOTA: la posición del proveedor es que esto "se describe claramente en la documentación como una característica".

07 Nov 2023, 03:55

Type Values Removed Values Added
Summary ** DISPUTED ** An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature." An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."

24 Jan 2023, 16:17

Type Values Removed Values Added
First Time Linuxfoundation
Linuxfoundation harbor
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*
References (MISC) https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d - (MISC) https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d - Broken Link
References (MISC) https://github.com/lanqingaa/123/blob/main/README.md - (MISC) https://github.com/lanqingaa/123/blob/main/README.md - Third Party Advisory
References (MISC) https://github.com/Vad1mo - (MISC) https://github.com/Vad1mo - Third Party Advisory
CWE CWE-306

18 Jan 2023, 16:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/Vad1mo -
  • (MISC) https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d -
Summary An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. ** DISPUTED ** An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."

13 Jan 2023, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-01-13 00:15

Updated : 2024-04-11 01:17

NVD link : CVE-2022-46463

Mitre link : CVE-2022-46463

CVE.ORG link : CVE-2022-46463

JSON object : View

Products Affected

linuxfoundation

  • harbor
CWE
CWE-306

Missing Authentication for Critical Function