Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2447 | 2 Openstack, Redhat | 5 Keystone, Openstack, Openstack Platform and 2 more | 2022-10-01 | N/A | 6.6 MEDIUM |
| A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected. | |||||
| CVE-2020-14313 | 1 Redhat | 1 Quay | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace. | |||||
| CVE-2020-27832 | 1 Redhat | 1 Quay | 2021-06-08 | 6.0 MEDIUM | 9.0 CRITICAL |
| A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2019-3867 | 1 Redhat | 1 Quay | 2021-03-25 | 4.4 MEDIUM | 4.1 MEDIUM |
| A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue. | |||||
| CVE-2019-3864 | 1 Redhat | 1 Quay | 2020-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account. | |||||