CVE-2019-10205

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
6.3MEDIUM
EPSS
0.1%
top 70.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED HAT QuayRedhat Quay
Timeline
PublishedJan 2
Latest updateMay 24

Description

A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:HExploitability: 0.8 | Impact: 5.5

Affected Packages2 packages

NVDredhat/quay3.0.0
CVEListV5red_hat/quayn/a

🔴Vulnerability Details

2
GHSA
GHSA-hc7v-pwgp-8mp6: A flaw was found in the way Red Hat Quay stores robot account tokens in plain text2022-05-24
CVEList
CVE-2019-10205: A flaw was found in the way Red Hat Quay stores robot account tokens in plain text2020-01-02

📋Vendor Advisories

1
Red Hat
quay: Red Hat Quay stores robot account tokens in plain text2019-09-18

💬Community

1
Bugzilla
CVE-2019-10205 quay: Red Hat Quay stores robot account tokens in plain text2019-07-23