CVE-2023-45823 – github.com/artifacthub/hub

Package

Manager: go
Name: github.com/artifacthub/hub
Vulnerable Version: >=0 <1.16.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00105 pctl0.2921

Details

Artifact Hub arbitrary file read vulnerability ### Impact During a security audit of Artifact Hub's code base, a security researcher at [OffSec](https://www.offsec.com/) identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made possible to read arbitrary files in the system, potentially leaking sensitive information. ### Patches This issue has been resolved in version [1.16.0](https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0).

Metadata

Created: 2023-10-19T17:06:42Z
Modified: 2023-10-19T19:35:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-hmq4-c2r4-5q8h/GHSA-hmq4-c2r4-5q8h.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-hmq4-c2r4-5q8h
Finding: F063
Auto approve: 1