Products
Quay
Source
secalert@redhat.com
Tags
CVE-2024-3624 details
Published : April 25, 2024, 6:15 p.m.
Last Modified : April 25, 2024, 6:15 p.m.
Last Modified : April 25, 2024, 6:15 p.m.
Description
A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.3 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
7.3
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References
URL | Source |
---|---|
https://access.redhat.com/security/cve/CVE-2024-3624 | secalert@redhat.com |
https://bugzilla.redhat.com/show_bug.cgi?id=2274407 | secalert@redhat.com |
This website uses the NVD API, but is not approved or certified by it.