2 matches found
CVE-2024-3624
CVE-2024-3624 concerns Quay’s mirror-registry where database credentials are stored in plain-text in the Jinja config.yaml. The issue, documented in multiple sources, states that a malicious actor with access to that file can gain access to Quay’s database. The connected PT-2024-3593 advisory con...
CVE-2024-3624 Mirror-registry: database user and password stored in plain-text
A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database...