nuclei-templates/http/cves/2022/CVE-2022-46463.yaml

id: CVE-2022-46463

info:
  name: Harbor <=2.5.3 - Unauthorized Access
  author: Arm!tage
  severity: high
  description: An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. 
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-46463
  metadata:
    max-request: 1
    vendor: linuxfoundation
    product: harbor
  tags: cve,cve2022,intrusive,harbor

http:
  - method: GET
    path:
      - '{{BaseURL}}/api/v2.0/search'


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'validation failure list:\nq in query is required'

      - type: status
        status:
          - 422
add cve-2022-46463.yaml 2023-08-16 08:46:20 +00:00			`id: CVE-2022-46463`

			`info:`
			`name: Harbor <=2.5.3 - Unauthorized Access`
			`author: Arm!tage`
			`severity: high`
			`description: An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.`
			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2022-46463`
			`metadata:`
			`max-request: 1`
			`vendor: linuxfoundation`
			`product: harbor`
			`tags: cve,cve2022,intrusive,harbor`

			`http:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/api/v2.0/search'`


			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- 'validation failure list:\nq in query is required'`

			`- type: status`
			`status:`
			`- 422`