Mirror-registry Flaw Exposes Quay Database Secrets
CVE-2024-3623

6.5MEDIUM

Key Information:

Status: Mirror Registry For Red Hat Openshift
Vendor: CVE Published:; 25 April 2024

What is CVE-2024-3623?

A vulnerability exists in Quay's installation process via the mirror-registry, where a default database secret key is inadvertently stored in plain text within a configuration template file. This design flaw permits any instance of Quay deployed through this method to share the same database secret key, potentially compromising sensitive information. If exploited, this vulnerability allows malicious actors to gain unauthorized access to the database, posing significant risks to data integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2024-3623

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2274404

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2024

Credit

Red Hat would like to thank Solomon Roberts (BadgerOps.net works) for reporting this issue.

JSON