← Volver a CVEs
CVE-2019-10205
MEDIUM6.3
Descripcion
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.
Detalles CVE
Puntuacion CVSS v3.16.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado1/2/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
redhat:quay
Debilidades (CWE)
CWE-522CWE-522
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.