CVE-2024-3625 (GCVE-0-2024-3625)

Vulnerability from cvelistv5 – Published: 2024-04-25 17:46 – Updated: 2025-11-20 18:38
VLAI?
Title
Mirror-registry: redis password stored in plain-text
Summary
A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance.
Severity ?
7.3 (High)
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
Vendor Product Version
Credits
Red Hat would like to thank Solomon Roberts (BadgerOps.net works) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3625",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T19:19:11.675831Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T17:42:22.595Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:19:59.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-3625"
          },
          {
            "name": "RHBZ#2274408",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274408"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/quay/mirror-registry",
          "defaultStatus": "affected",
          "packageName": "mirror-registry"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:mirror_registry:1"
          ],
          "defaultStatus": "affected",
          "packageName": "mirror-registry-container",
          "product": "mirror registry for Red Hat OpenShift",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Solomon Roberts (BadgerOps.net works) for reporting this issue."
        }
      ],
      "datePublic": "2024-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Quay, where Quay\u0027s database is stored in plain text in mirror-registry on Jinja\u0027s config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay\u0027s Redis instance."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:38:39.088Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-3625"
        },
        {
          "name": "RHBZ#2274408",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274408"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-10T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-04-10T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Mirror-registry: redis password stored in plain-text",
      "x_redhatCweChain": "CWE-256: Plaintext Storage of a Password"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-3625",
    "datePublished": "2024-04-25T17:46:52.179Z",
    "dateReserved": "2024-04-10T18:03:06.061Z",
    "dateUpdated": "2025-11-20T18:38:39.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in Quay, where Quay\u0027s database is stored in plain text in mirror-registry on Jinja\u0027s config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay\u0027s Redis instance.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una falla en Quay, donde la base de datos de Quay se almacena en texto plano en el registro espejo en el archivo config.yaml de Jinja. Este problema deja la posibilidad de que un actor malicioso con acceso a este archivo obtenga acceso a la instancia de Redis de Quay.\"}]",
      "id": "CVE-2024-3625",
      "lastModified": "2024-11-21T09:30:01.103",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.2}]}",
      "published": "2024-04-25T18:15:10.360",
      "references": "[{\"url\": \"https://access.redhat.com/security/cve/CVE-2024-3625\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2274408\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-3625\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2274408\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-256\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3625\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-04-25T18:15:10.360\",\"lastModified\":\"2024-11-21T09:30:01.103\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Quay, where Quay\u0027s database is stored in plain text in mirror-registry on Jinja\u0027s config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay\u0027s Redis instance.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en Quay, donde la base de datos de Quay se almacena en texto plano en el registro espejo en el archivo config.yaml de Jinja. Este problema deja la posibilidad de que un actor malicioso con acceso a este archivo obtenga acceso a la instancia de Redis de Quay.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-256\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-3625\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2274408\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-3625\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2274408\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2024-3625\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2274408\", \"name\": \"RHBZ#2274408\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:19:59.530Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3625\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-25T19:19:11.675831Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-25T19:19:26.334Z\"}}], \"cna\": {\"title\": \"Mirror-registry: redis password stored in plain-text\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Solomon Roberts (BadgerOps.net works) for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"packageName\": \"mirror-registry\", \"collectionURL\": \"https://github.com/quay/mirror-registry\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:1\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift\", \"packageName\": \"mirror-registry-container\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-04-10T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-04-10T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-04-10T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2024-3625\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2274408\", \"name\": \"RHBZ#2274408\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Quay, where Quay\u0027s database is stored in plain text in mirror-registry on Jinja\u0027s config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay\u0027s Redis instance.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-256\", \"description\": \"Plaintext Storage of a Password\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-20T18:38:39.088Z\"}, \"x_redhatCweChain\": \"CWE-256: Plaintext Storage of a Password\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3625\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T18:38:39.088Z\", \"dateReserved\": \"2024-04-10T18:03:06.061Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-04-25T17:46:52.179Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.