← Retour aux CVEs
CVE-2019-10205
MEDIUM6.3
Description
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.
Details CVE
Score CVSS v3.16.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie1/2/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
redhat:quay
Faiblesses (CWE)
CWE-522CWE-522
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.