CVE-2019-10205

6MEDIUM

Key Information:

Vendor: Red Hat
Status: Quay
Vendor: CVE Published:; 2 January 2020

Summary

A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.

Affected Version(s)

quay

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2020
Vulnerability Reserved
Mar 27, 2019