CVE-2023-45823

7.5 HIGH (CVSS base score)

📋 TL;DR

Artifact Hub versions before 1.16.0 contain a path traversal vulnerability: a symbolic link committed to a git repository that Artifact Hub indexes can point outside the checkout, so when the tracker reads package files it reads, and can expose, arbitrary files from the server's filesystem. This affects every Artifact Hub deployment that processes git-based repositories. An attacker who controls such a repository could obtain sensitive system files and configuration data.

💻 Affected Systems

Products:
  • Artifact Hub
Versions: All versions before 1.16.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only deployments that index git-based repositories are affected. Helm chart repositories and other repository kinds are affected only when their content is fetched from a git source.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Disclosure of credentials reachable from the hub's filesystem (SSH keys, database connection strings, Kubernetes secrets mounted into the pod) that an attacker then uses for lateral movement and data exfiltration.

🟠 Likely Case: Information disclosure of internal files on the Artifact Hub server, such as configuration files, environment or config data, and other sensitive content the tracker process can read.

🟢 If Mitigated: Limited impact if the tracker runs as an unprivileged user in a container that exposes only the files it needs, and sensitive files are protected by appropriate permissions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ❌ No
Complexity: LOW

Exploitation requires control of a git repository that Artifact Hub is configured to index (for example, one added by a registered publisher): the attacker commits a symbolic link pointing outside the repository and waits for the tracker to process it. No authentication bypass is needed beyond that repository access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.16.0

Vendor Advisory: https://github.com/artifacthub/hub/security/advisories/GHSA-hmq4-c2r4-5q8h

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Update Artifact Hub to version 1.16.0 or later using your deployment method (Helm chart, Docker image tag, etc.).
3. Restart the Artifact Hub services, including the tracker.
4. Verify the update: confirm the running version is 1.16.0 or later.

🔧 Temporary Workarounds

No workarounds available.

The vendor states there are no known workarounds for this vulnerability; updating is the only complete fix.

🧯 If You Can't Patch

  • Only index git repositories from publishers you trust, and review or reject repositories that contain symbolic links before they are processed
  • Run the Artifact Hub tracker as an unprivileged user in a container, mount only the files it needs, and keep secrets it does not require out of its filesystem view
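A pre-index check of the kind the first mitigation above calls for, written in Go (the language Artifact Hub itself is written in). This is an added example, not code from the Artifact Hub project or its advisory: it assumes the repository has already been cloned to a local directory and walks that checkout looking for symbolic links whose targets resolve outside the repository root, which is exactly the class of link this vulnerability abuses. The function names (EscapingSymlinks, isWithin) are this example's own.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// EscapingSymlinks walks an already-cloned repository and returns every
// symbolic link whose target lies outside the repository root, formatted as
// "relative/link -> target". Two checks are applied to each link:
//
//  1. a lexical check on the link text (absolute targets, or relative
//     targets that climb above the root with ".."), which also catches links
//     to files that do not exist on the scanning host, such as a CI runner;
//  2. a real-path check with filepath.EvalSymlinks, which catches chains
//     such as "dirlink/../.." where an intermediate directory symlink makes
//     the lexical form look harmless.
//
// Links are never followed while walking, so a link to a large or
// sensitive directory is reported rather than traversed.
func EscapingSymlinks(root string) ([]string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return nil, err
	}
	// Resolve the root itself so that real paths of entries below it
	// share its prefix (matters where the temp dir is itself a symlink).
	absRoot, err = filepath.EvalSymlinks(absRoot)
	if err != nil {
		return nil, err
	}

	var escaping []string
	walk := func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if d.Type()&fs.ModeSymlink == 0 {
			return nil
		}
		target, err := os.Readlink(path)
		if err != nil {
			return err
		}

		// 1. Lexical resolution relative to the link's own directory.
		lexical := target
		if !filepath.IsAbs(target) {
			lexical = filepath.Join(filepath.Dir(path), target)
		}
		lexical = filepath.Clean(lexical)
		escapes := !isWithin(absRoot, lexical)

		// 2. Real resolution; only possible when the target exists.
		if !escapes {
			if resolved, err := filepath.EvalSymlinks(path); err == nil && !isWithin(absRoot, resolved) {
				escapes = true
			}
		}

		if escapes {
			rel, _ := filepath.Rel(absRoot, path)
			escaping = append(escaping, fmt.Sprintf("%s -> %s", rel, target))
		}
		return nil
	}
	if err := filepath.WalkDir(absRoot, walk); err != nil {
		return nil, err
	}
	return escaping, nil
}

// isWithin reports whether p is root or lies beneath it, comparing whole
// path components so that /repo-old is not mistaken for a child of /repo.
func isWithin(root, p string) bool {
	return p == root || strings.HasPrefix(p, root+string(filepath.Separator))
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: symlinkcheck <cloned-repo-dir>")
		os.Exit(2)
	}
	bad, err := EscapingSymlinks(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
	for _, b := range bad {
		fmt.Println("escaping symlink:", b)
	}
	if len(bad) > 0 {
		os.Exit(1) // non-zero so a CI gate or pre-index hook can refuse the repo
	}
}
```

Run it as `go run symlinkcheck.go /path/to/clone`; exit status 1 means at least one escaping link was found, so it can sit in front of whatever step registers or re-indexes the repository. The lexical check is what lets it run on a host that does not have the targeted file, and the EvalSymlinks pass is what catches a link that only escapes through an intermediate directory link.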

🔍 How to Verify

Check if Vulnerable:

Check Artifact Hub version via web interface or API. If version is below 1.16.0, the system is vulnerable.

Check Version:

curl -s http://artifact-hub-url/api/v1/version | grep version

Verify Fix Applied:

Confirm Artifact Hub version is 1.16.0 or higher and test that symbolic links in git repositories no longer allow file access outside the repository.
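A small helper for the version check described above, added here as an example rather than taken from Artifact Hub: given a version string from the API response or from the running image tag, it decides whether the instance predates the 1.16.0 fix. It compares components numerically (a plain string comparison would rank 1.9.0 after 1.16.0) and, as an assumption of this example, treats a pre-release such as 1.16.0-rc.1 as still vulnerable, since the fix is only guaranteed in the final release. The names IsVulnerable and parseVersion are this example's own.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// fixedVersion is the first release containing the fix, per the advisory.
var fixedVersion = [3]int{1, 16, 0}

// parseVersion accepts "1.15.2", "v1.15.2", "1.16.0-rc.1" or "1.16.0+build.7"
// and returns major.minor.patch plus whether a pre-release suffix was present.
func parseVersion(s string) ([3]int, bool, error) {
	s = strings.TrimSpace(strings.TrimPrefix(s, "v"))
	if i := strings.IndexByte(s, '+'); i >= 0 {
		s = s[:i] // build metadata never affects precedence
	}
	pre := false
	if i := strings.IndexByte(s, '-'); i >= 0 {
		s, pre = s[:i], true
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return [3]int{}, false, fmt.Errorf("not a major.minor.patch version: %q", s)
	}
	var v [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return [3]int{}, false, fmt.Errorf("bad component %q in %q", p, s)
		}
		v[i] = n
	}
	return v, pre, nil
}

// IsVulnerable reports whether the given Artifact Hub version is older than
// 1.16.0. Components are compared as integers, not strings. A pre-release of
// 1.16.0 itself is reported as vulnerable (assumption: only the final
// release is known to carry the fix).
func IsVulnerable(version string) (bool, error) {
	v, pre, err := parseVersion(version)
	if err != nil {
		return false, err
	}
	for i := range v {
		if v[i] != fixedVersion[i] {
			return v[i] < fixedVersion[i], nil
		}
	}
	return pre, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: ahubcheck <version>")
		os.Exit(2)
	}
	vuln, err := IsVulnerable(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
	if vuln {
		fmt.Printf("%s predates 1.16.0: VULNERABLE to CVE-2023-45823\n", os.Args[1])
		os.Exit(1)
	}
	fmt.Printf("%s is 1.16.0 or later: not affected\n", os.Args[1])
}
```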

📡 Detection & Monitoring

Log Indicators:

  • Tracker log entries reporting errors while reading package files (README, chart or metadata files) that turn out to be symbolic links
  • Indexed package content (for example a README) that contains what looks like host files such as /etc/passwd or configuration data rather than documentation
  • Tracker file access to paths outside the repository clone directory

Network Indicators:

  • Newly registered or recently modified git repositories from unfamiliar publishers that are processed shortly before unexpected content appears
  • An unusual rise in repository processing activity by the tracker against a small set of repositories

SIEM Query:

source="artifact-hub" AND ("symlink" OR "path traversal" OR "file read error")

Adjust the source name and search terms to match your own logging pipeline; the query above is a generic starting point, not a signature derived from specific Artifact Hub log formats.
