Products
Quay
Source
secalert@redhat.com
Tags
CVE-2024-3623 details
Published : April 25, 2024, 6:15 p.m.
Last Modified : April 25, 2024, 6:15 p.m.
Last Modified : April 25, 2024, 6:15 p.m.
Description
A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.1 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
8.1
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References
URL | Source |
---|---|
https://access.redhat.com/security/cve/CVE-2024-3623 | secalert@redhat.com |
https://bugzilla.redhat.com/show_bug.cgi?id=2274404 | secalert@redhat.com |
This website uses the NVD API, but is not approved or certified by it.