Redhat Quay vulnerabilities

CVE-2025-4374 [MEDIUM] CWE-266 CVE-2025-4374: A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an i A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.

CVE-2024-9683 [MEDIUM] CWE-305 CVE-2024-9683: A vulnerability was found in Quay, which allows successful authentication even when a truncated pass A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can sti

CVE-2024-5891 [MEDIUM] CWE-1390 CVE-2024-5891: A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentic

CVE-2023-4956 [MEDIUM] CWE-1021 CVE-2023-4956: A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layer A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to tri

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-4959 [MEDIUM] CWE-352 CVE-2023-4959: A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled reques

CVE-2023-3384 [MEDIUM] CWE-79 CVE-2023-3384: A flaw was found in the Quay registry. While the image labels created through Quay undergo validatio A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be exec

CVE-2020-10735 [HIGH] CWE-704 CVE-2020-10735: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, whe A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulner

CVE-2022-2447 [MEDIUM] CWE-324 CVE-2022-2447: A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) betwee A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

CVE-2022-1227 [HIGH] CWE-281 CVE-2022-1227: A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or

CVE-2021-3762 [CRITICAL] CWE-22 CVE-2021-3762: A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can expl A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.

CVE-2020-27832 [CRITICAL] CWE-79 CVE-2020-27832: A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as syst

CVE-2020-27831 [MEDIUM] CWE-284 CVE-2020-27831: A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when au A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.

CVE-2019-3867 [MEDIUM] CWE-613 CVE-2019-3867: A vulnerability was found in the Quay web application. Sessions in the Quay web application never ex A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.

CVE-2020-14313 [MEDIUM] CVE-2020-14313: An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This fla An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.

CVE-2019-3865 [MEDIUM] CWE-79 CVE-2019-3865: A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super us A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name.

CVE-2019-3864 [HIGH] CWE-352 CVE-2019-3864: A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where P A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account.

CVE-2019-10205 [MEDIUM] CWE-522 CVE-2019-10205: A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.

CVE-2019-9515 [HIGH] CWE-400 CVE-2019-9515: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of s Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently th

CVE-2019-9517 [HIGH] CWE-400 CVE-2019-9517: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially lead Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requ