Dejanzelic

**Name of the Vulnerable Software and Affected Versions** Artifact Hub versions prior to 1.16.0 **Description** A security issue was identified in Artifact Hub's code base where the `registryIsDockerHub` function only checked if the registry domain had the `docker.io` suffix. This allowed for the potential hijacking of Docker credentials by purchasing a domain ending with `docker.io` and deploying a fake OCI registry. The credentials in question are used to increase the rate limit when interacting with the Docker Hub registry API for publicly available content. Although the credentials used by `artifacthub.io` only have permissions to read public content, other deployments might have used them differently. **Recommendations** For versions prior to 1.16.0, upgrade to version 1.16.0 to resolve the issue. As a temporary workaround, consider restricting the use of Docker credentials until the upgrade is applied. Avoid using the `registryIsDockerHub` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Artifact Hub versions prior to 1.16.0 **Description** Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. It includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members, based on customizable authorization policies enforced by the Open Policy Agent. Policies are written using rego and their data files are expected to be json documents. By default, rego allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. **Recommendations** For versions prior to 1.16.0, upgrade to version 1.16.0 to resolve the issue. As a temporary workaround, consider disabling the use of rego built-ins that allow HTTP requests until a patch is available. Restrict access to internal resources to minimize the risk of exploitation. Avoid using rego policies that make HTTP requests to internal resources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Artifact Hub versions prior to 1.16.0 **Description** Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. A security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made possible to read arbitrary files in the system, potentially leaking sensitive information. **Recommendations** For versions prior to 1.16.0, upgrade to version 1.16.0 to resolve the issue. As a temporary workaround, consider restricting access to the git repositories processed by Artifact Hub to minimize the risk of exploitation. Avoid using symbolic links in repositories loaded into Artifact Hub until the issue is resolved.