{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-45822", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-13T12:00:50.438Z", "datePublished": "2023-10-19T20:53:36.298Z", "dateUpdated": "2023-10-19T20:53:36.298Z"}, "containers": {"cna": {"title": "Unsafe rego built-in allowed in Artifact Hub", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/artifacthub/hub/security/advisories/GHSA-9pc8-m4vp-ggvf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/artifacthub/hub/security/advisories/GHSA-9pc8-m4vp-ggvf"}, {"name": "https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0", "tags": ["x_refsource_MISC"], "url": "https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0"}, {"name": "https://www.openpolicyagent.org/", "tags": ["x_refsource_MISC"], "url": "https://www.openpolicyagent.org/"}, {"name": "https://www.openpolicyagent.org/docs/latest/#rego", "tags": ["x_refsource_MISC"], "url": "https://www.openpolicyagent.org/docs/latest/#rego"}], "affected": [{"vendor": "artifacthub", "product": "hub", "versions": [{"version": "< 1.16.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-19T20:53:36.298Z"}, "descriptions": [{"lang": "en", "value": "Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-9pc8-m4vp-ggvf", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifacthub:hub:*:*:*:*:*:*:*:*", "matchCriteriaId": "19535757-82CE-47EA-B827-0273894CF9BD", "versionEndExcluding": "1.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Artifact Hub es una aplicaci\u00f3n basada en web que permite buscar, instalar y publicar paquetes y configuraciones para proyectos CNCF. Durante una auditor\u00eda de seguridad del c\u00f3digo base de Artifact Hub, un investigador de seguridad identific\u00f3 un error en el que se permit\u00eda el uso de un rego incorporado predeterminado no seguro al definir pol\u00edticas de autorizaci\u00f3n. Artifact Hub incluye un mecanismo de autorizaci\u00f3n detallado que permite a las organizaciones definir qu\u00e9 acciones pueden realizar sus miembros. Se basa en pol\u00edticas de autorizaci\u00f3n personalizables que aplica el \"Open Policy Agent\". Las pol\u00edticas se escriben utilizando `rego` y se espera que sus archivos de datos sean documentos json. De forma predeterminada, `rego` permite que las pol\u00edticas realicen solicitudes HTTP, de las cuales se puede abusar para enviar solicitudes a recursos internos y reenviar las respuestas a una entidad externa. En el contexto de Artifact Hub, esta capacidad deber\u00eda haberse deshabilitado. Este problema se resolvi\u00f3 en la versi\u00f3n `1.16.0`. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2023-45822", "lastModified": "2023-10-30T15:37:49.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-19T21:15:08.930", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/artifacthub/hub/security/advisories/GHSA-9pc8-m4vp-ggvf"}, {"source": "security-advisories@github.com", "tags": ["Mitigation"], "url": "https://www.openpolicyagent.org/"}, {"source": "security-advisories@github.com", "tags": ["Mitigation"], "url": "https://www.openpolicyagent.org/docs/latest/#rego"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}