Lucene search

Redhat.comRH:CVE-2024-3624

HistoryApr 10, 2024 - 9:22 p.m.

CVE-2024-3624

2024-04-1021:22:36

redhat.com

access.redhat.com

quay

database

storage

plain-text

mirror-registry

jinja

config.yaml

flaw

malicious actor

access

CVSS3

7.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

A flaw was found in how Quay’s database is stored in plain-text in mirror-registry on the jinja’s config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay’s database.

References

bugzilla.redhat.com/show_bug.cgi?id=2274407

nvd.nist.gov/vuln/detail/CVE-2024-3624

www.cve.org/CVERecord?id=CVE-2024-3624

CVSS3

7.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for RH:CVE-2024-3624