CVE-2023-45821
CVE-2023-45821 is a medium-severity vulnerability in Artifacthub Hub with a CVSS 3.x base score of 5.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-494.
Key facts
- Severity: Medium (CVSS 3.x base score 5.4)
- EPSS exploit prediction: 0% (11th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-494
- Affected product: Artifacthub Hub
- Published:
- Last modified:
Description
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the `registryIsDockerHub` function was only checking that the registry domain had the `docker.io` suffix. Artifact Hub allows providing some Docker credentials that are used to increase the rate limit applied when interacting with the Docker Hub registry API to read publicly available content. Due to the incorrect check described above, it'd be possible to hijack those credentials by purchasing a domain which ends with `docker.io` and deploying a fake OCI registry on it. <https://artifacthub.io/> uses some credentials that only have permissions to read public content available in the Docker Hub. However, even though credentials for private repositories (disabled on `artifacthub.io`) are handled in a different way, other Artifact Hub deployments could have been using them for a different purpose. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Frequently asked questions
- What is CVE-2023-45821?
- Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the `registryIsDockerHub` function was only checking that the registry domain had the `docker.io` suffix. Artifact Hub allows providing some Docker credentials that are used to increase the rate limit applied when interacting with the Docker Hub registry API to read publicly available content. Due to the incorrect check described above, it'd be possible to hijack those credentials by purchasing a domain which ends with `docker.io` and deploying a fake OCI registry on it. <https://artifacthub.io/> uses some credentials that only have permissions to read public content available in the Docker Hub. However, even though credentials for private repositories (disabled on `artifacthub.io`) are handled in a different way, other Artifact Hub deployments could have been using them for a different purpose. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- How severe is CVE-2023-45821?
- CVE-2023-45821 has a CVSS 3.x base score of 5.4, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability low.
- Is CVE-2023-45821 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (11th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-45821?
- CVE-2023-45821 affects Artifacthub Hub. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-45821?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2023-45821 published?
- CVE-2023-45821 was published on 2023-10-19 and last updated on 2026-06-17.
References
- https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0
- https://github.com/artifacthub/hub/security/advisories/GHSA-g6pq-x539-7w4j
Affected products (1)
- cpe:2.3:a:artifacthub:hub:*:*:*:*:*:*:*:*
More vulnerabilities in Artifacthub Hub
- CVE-2023-45823 — High (CVSS 7.5): Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations…
- CVE-2023-45822 — Low (CVSS 3.7): Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations…
All CVEs affecting Artifacthub Hub →
Other CWE-494 vulnerabilities
- CVE-2020-1595 — Critical (CVSS 9.9): <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from…
- CVE-2020-1210 — Critical (CVSS 9.9): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source…
- CVE-2026-42248 — Critical (CVSS 9.8): Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike…
- CVE-2026-34841 — Critical (CVSS 9.8): Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack…
- CVE-2026-3000 — Critical (CVSS 9.8): IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated…
- CVE-2026-2999 — Critical (CVSS 9.8): IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated…