Mirror-registry Flaw Affects Quay Instances, Leading to Session Cookie Tampering
CVE-2024-3622

8.8HIGH

Key Information:

Status: Mirror Registry For Red Hat Openshift
Vendor: CVE Published:; 25 April 2024

What is CVE-2024-3622?

A vulnerability exists in Red Hat's Quay product related to the installation process utilizing mirror-registry. The issue stems from the use of a default secret, which is stored in plaintext within one of the configuration template files. This oversight can result in all Quay instances deployed through mirror-registry sharing the same secret key. Consequently, this flaw may allow malicious actors to fabricate session cookies, potentially leading to unauthorized access to the affected Quay instance. It is crucial for users of Quay to review their configuration settings and implement secure practices to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2024-3622

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2274400

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2024

Credit

Red Hat would like to thank Solomon Roberts (BadgerOps.net works) for reporting this issue.

JSON

What is CVE-2024-3622?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.