Lucene search

[email protected]NVD:CVE-2024-3624

HistoryApr 25, 2024 - 6:15 p.m.

CVE-2024-3624

2024-04-2518:15:10

CWE-256

[email protected]

web.nvd.nist.gov

flaw

quay

database

storage

unauthorized access

CVSS3

7.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

9.0%

JSON

A flaw was found in how Quay’s database is stored in plain-text in mirror-registry on the jinja’s config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay’s database.

References

access.redhat.com/security/cve/CVE-2024-3624

bugzilla.redhat.com/show_bug.cgi?id=2274407

CVSS3

7.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-3624

redhatcve1 cve1 vulnrichment1 cvelist1