3 matches found
CVE-2024-3623
CVE-2024-3623 describes a flaw in using mirror-registry to install Quay where a default database secret key is stored in plain text within a configuration template. This can cause all Quay instances deployed via mirror-registry to share the same database secret key, enabling a malicious actor to ...
CVE-2024-3622
CVE-2024-3622 affects Quay deployments using mirror-registry, where a default secret is stored in plain-text in a configuration template. This enables an attacker to craft session cookies and potentially gain access to the affected Quay instance. The vulnerability is rooted in the reuse of the sa...
CVE-2026-2376
CVE-2026-2376 affects mirror-registry. The issue arises when an authenticated user supplies malicious web addresses; the application follows redirects without verifying the final destination, enabling requests to be routed to unintended internal or restricted systems. Documented impact is exposur...