Redhat Quay vulnerabilities

CVE-2026-6848 [HIGH] CWE-613 CVE-2026-6848: A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions wi

CVE-2026-32590 [HIGH] CWE-502 CVE-2026-32590: A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload p A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.

CVE-2026-32589 [MEDIUM] CWE-639 CVE-2026-32589: A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push a A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image

CVE-2026-32591 [MEDIUM] CWE-918 CVE-2026-32591: A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administr A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could

CVE-2026-2377 [MEDIUM] CWE-918 CVE-2026-2377: A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by provi A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive

CVE-2026-2376 [MEDIUM] CWE-601 CVE-2026-2376: A flaw was found in mirror-registry where an authenticated user can trick the system into accessing A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems t

CVE-2025-4374 [MEDIUM] CWE-266 CVE-2025-4374: A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an i A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.

CVE-2024-9683 [MEDIUM] CWE-305 CVE-2024-9683: A vulnerability was found in Quay, which allows successful authentication even when a truncated pass A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can sti

CVE-2024-5891 [MEDIUM] CWE-1390 CVE-2024-5891: A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentic

CVE-2023-4956 [MEDIUM] CWE-1021 CVE-2023-4956: A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layer A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to tri

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-4959 [MEDIUM] CWE-352 CVE-2023-4959: A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled reques

CVE-2023-3384 [MEDIUM] CWE-79 CVE-2023-3384: A flaw was found in the Quay registry. While the image labels created through Quay undergo validatio A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be exec

CVE-2020-10735 [HIGH] CWE-704 CVE-2020-10735: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, whe A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulner

CVE-2022-2447 [MEDIUM] CWE-324 CVE-2022-2447: A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) betwee A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

CVE-2022-1227 [HIGH] CWE-281 CVE-2022-1227: A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or

CVE-2021-3762 [CRITICAL] CWE-22 CVE-2021-3762: A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can expl A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.

CVE-2020-27832 [CRITICAL] CWE-79 CVE-2020-27832: A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as syst

CVE-2020-27831 [MEDIUM] CWE-284 CVE-2020-27831: A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when au A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.

CVE-2019-3867 [MEDIUM] CWE-613 CVE-2019-3867: A vulnerability was found in the Quay web application. Sessions in the Quay web application never ex A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.