← Back to CVEs
CVE-2019-10205
MEDIUM6.3
Description
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.
CVE Details
CVSS v3.1 Score6.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published1/2/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
redhat:quay
Weaknesses (CWE)
CWE-522CWE-522
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.