Mirror Registry For Red Hat Openshift 2
Monthly
Server-Side Request Forgery (SSRF) in Red Hat Quay's Proxy Cache configuration allows authenticated organization administrators to force the Quay server to make unvalidated network requests to internal services, cloud infrastructure endpoints, or otherwise restricted resources by supplying a crafted upstream registry hostname. With CVSS 5.2 and high confidentiality impact, this vulnerability requires administrator privileges and user interaction but poses significant risk to internal network exposure; no public exploit code or active exploitation (KEV) confirmed at time of analysis.
Authenticated remote code execution in Red Hat Quay 3 and Mirror Registry for Red Hat OpenShift arises from unsafe deserialization (CWE-502) of resumable container image layer upload state stored in the database. An attacker with the privileges needed to initiate image uploads can tamper with intermediate upload data to execute arbitrary code on the Quay server. No public exploit identified at time of analysis; EPSS is low (0.06%) and CISA SSVC marks exploitation status as none, though technical impact is rated total.
Red Hat Quay's container image upload mechanism allows authenticated users with push privileges to interfere with concurrent uploads by other users across the entire registry, enabling unauthorized read, modification, or cancellation of in-progress uploads in repositories they cannot access. This cross-repository attack vector affects Red Hat Quay 3.x and Mirror Registry deployments. EPSS score of 0.03% (8th percentile) indicates low predicted exploitation probability in the wild, and CISA SSVC framework rates this as non-automatable with no known exploitation, suggesting targeted risk rather than widespread threat despite the 7.4 CVSS score.
OpenShift Mirror Registry leaks valid usernames and email addresses through inconsistent error messages during authentication and account creation, enabling unauthenticated remote attackers to enumerate registered users. CVSS score of 5.3 reflects the low confidentiality impact with no authentication required and low attack complexity; no public exploit code or active exploitation has been confirmed at time of analysis.
Server-side request forgery (SSRF) in Red Hat Mirror Registry and Red Hat Quay 3.x allows authenticated users to conduct arbitrary requests to internal network resources via a specially crafted URL in the log export feature, potentially exposing sensitive information and compromising internal systems. CVSS 6.5 (medium severity) with confirmed authentication requirement and high confidentiality impact. No active exploitation or public exploit code identified at time of analysis.
Server-Side Request Forgery (SSRF) in Red Hat Quay's Proxy Cache configuration allows authenticated organization administrators to force the Quay server to make unvalidated network requests to internal services, cloud infrastructure endpoints, or otherwise restricted resources by supplying a crafted upstream registry hostname. With CVSS 5.2 and high confidentiality impact, this vulnerability requires administrator privileges and user interaction but poses significant risk to internal network exposure; no public exploit code or active exploitation (KEV) confirmed at time of analysis.
Authenticated remote code execution in Red Hat Quay 3 and Mirror Registry for Red Hat OpenShift arises from unsafe deserialization (CWE-502) of resumable container image layer upload state stored in the database. An attacker with the privileges needed to initiate image uploads can tamper with intermediate upload data to execute arbitrary code on the Quay server. No public exploit identified at time of analysis; EPSS is low (0.06%) and CISA SSVC marks exploitation status as none, though technical impact is rated total.
Red Hat Quay's container image upload mechanism allows authenticated users with push privileges to interfere with concurrent uploads by other users across the entire registry, enabling unauthorized read, modification, or cancellation of in-progress uploads in repositories they cannot access. This cross-repository attack vector affects Red Hat Quay 3.x and Mirror Registry deployments. EPSS score of 0.03% (8th percentile) indicates low predicted exploitation probability in the wild, and CISA SSVC framework rates this as non-automatable with no known exploitation, suggesting targeted risk rather than widespread threat despite the 7.4 CVSS score.
OpenShift Mirror Registry leaks valid usernames and email addresses through inconsistent error messages during authentication and account creation, enabling unauthenticated remote attackers to enumerate registered users. CVSS score of 5.3 reflects the low confidentiality impact with no authentication required and low attack complexity; no public exploit code or active exploitation has been confirmed at time of analysis.
Server-side request forgery (SSRF) in Red Hat Mirror Registry and Red Hat Quay 3.x allows authenticated users to conduct arbitrary requests to internal network resources via a specially crafted URL in the log export feature, potentially exposing sensitive information and compromising internal systems. CVSS 6.5 (medium severity) with confirmed authentication requirement and high confidentiality impact. No active exploitation or public exploit code identified at time of analysis.