CVE-2022-46463

Опубликовано: 13 янв. 2023

Источник: nvd

CVSS3: 7.5

EPSS Высокий

Описание

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."

Ссылки

https://github.com/Vad1mo
Third Party Advisory
https://github.com/lanqingaa/123/blob/main/README.md
Third Party Advisory
https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d
Broken Link
https://github.com/Vad1mo
Third Party Advisory
https://github.com/lanqingaa/123/blob/main/README.md
Third Party Advisory
https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*

Версия от 1.1.0 (включая) до 2.5.3 (включая)

EPSS

Процентиль: 99%

0.77573

Высокий

7.5 High

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-5c53-mg2q-8qhc