Token Storage Vulnerability in Red Hat Quay
CVE-2019-10205

6MEDIUM

Key Information:

Vendor: Red Hat
Status: Quay
Vendor: CVE Published:; 2 January 2020

What is CVE-2019-10205?

A vulnerability exists in Red Hat Quay related to the storage of robot account tokens in plain text within the database. This flaw could enable an attacker with the capability to execute database queries to exploit the tokens, potentially granting them the ability to read or write container images stored within the registry. This raises significant security concerns regarding unauthorized access to sensitive container images.

Affected Version(s)

quay

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2020
Vulnerability Reserved
Mar 27, 2019