← Voltar para CVEs
CVE-2019-10205
MEDIUM6.3
Descricao
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.
Detalhes CVE
Pontuacao CVSS v3.16.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado1/2/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
redhat:quay
Fraquezas (CWE)
CWE-522CWE-522
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10205(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.