CVE-2026-32589 Mirror-registry: quay: insecure direct object reference in blobupload

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...

CVE-2026-32589

CVE-2026-32589 concerns Red Hat Quay, where an authenticated user with push access to any repository can interfere with in-progress image uploads of other users due to an insecure direct object reference in the blobupload process. The issue enables reading, modification, or cancellation of anothe...

EUVD-2023-44051

Malicious code in bioql PyPI...

Mirror Registry 安全漏洞

Mirror Registry is a QUAY open source standalone registry for installing mirror images for Openshift. A security vulnerability exists in Mirror Registry that stems from improperly written permissions in the /etc/passwd file, which could lead to elevated privileges...

CVE-2023-3384

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

CVE-2023-3384

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

Cross site scripting

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

CVE-2023-3384

Technical details about CVE-2023-3384 (affected product/version, root cause, impact, fix) are not provided in the connected documents; monitor for updates.

CVE-2023-3384 Quay: stored cross site scripting

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

CVE-2023-3384

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...