CVE-2023-45822: 
NixOS vulnerability analysis and mitigation

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. A security vulnerability was discovered in versions prior to 1.16.0, identified as CVE-2023-45822. During a security audit by researcher Dejan Zelic at OffSec, it was found that a default unsafe rego built-in was allowed to be used when defining authorization policies (GitHub Advisory).

The vulnerability exists in Artifact Hub's fine-grained authorization mechanism that allows organizations to define member action permissions. The system uses Open Policy Agent for enforcing customizable authorization policies written in rego language with JSON data files. By default, rego allows policies to make HTTP requests, which should have been disabled in Artifact Hub's context. This capability could be abused to send requests to internal resources and forward responses to external entities (GitHub Advisory, OPA Docs). The vulnerability has been assigned a CVSS v3.1 base score of 5.3 MEDIUM by NVD and 3.7 LOW by GitHub (NVD).

The vulnerability could allow attackers to abuse the HTTP request capability to send requests to internal resources and exfiltrate responses to external entities, potentially leading to information disclosure or unauthorized access to internal systems (GitHub Advisory).

This vulnerability has been fixed in Artifact Hub version 1.16.0. Users are advised to upgrade to this version or later. There are no known workarounds for this vulnerability (GitHub Advisory).