CVE-2020-14313

Severity
4.3 MEDIUM
EPSS
0.2%
top 59.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 11
Latest update: May 24

Description

An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository to disclose the names of robot accounts and the existence of private repositories within any namespace.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: redhat/quay < 3.3.1
CVEListV5: quay, Quay versions before 3.3.1

🔴 Vulnerability Details (2)

GHSA
GHSA-qp9w-fqwx-r4j3: An information disclosure vulnerability was found in Red Hat Quay in versions before 3 (2022-05-24)
CVEList
CVE-2020-14313: An information disclosure vulnerability was found in Red Hat Quay in versions before 3 (2020-08-11)

📋 Vendor Advisories (1)

Red Hat
quay: build triggers can disclose robot account names and existence of private repos within namespaces (2020-07-06)

💬 Community (1)

Bugzilla
CVE-2020-14313 quay: build triggers can disclose robot account names and existence of private repos within namespaces (2020-07-01)