Access Control Issue in Harbor Image Repository by VMware
CVE-2022-46463

7.5HIGH

Key Information:

Vendor
Linux
Status
Harbor
Vendor
CVE Published:
13 January 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An access control issue present in Harbor versions up to v2.5.3 allows unauthorized users to access both public and private image repositories without requiring authentication. This situation can lead to potential data exposure and misuse, as sensitive images stored within the repository can be accessed freely. While the vendor indicates this functionality is documented as a feature, it presents significant security concerns for users relying on secure access to their repositories.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-46463
Created by nu0l

CVE-2022-46463
Created by 404tk

harbor
Created by CodeSecurityTeam

References

https://github.com/lanqingaa/123/blob/main/README.md
https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e...
https://github.com/Vad1mo

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.