CVE-2025-4374
Published 2025-05-06
Medium 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| project_quay | quay | < 3.11.11 | 3.11.11 |
| project_quay | quay | >= 2.14.0 < 3.14.2 | 3.14.2 |
| project_quay | quay | >= 3.12.0 < 3.12.10 | 3.12.10 |
| redhat | quay | <= 3.14.0 | — |