GSD-2024-3625

Vulnerability from gsd - Updated: 2024-04-11 05:03
Details
A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance.
Aliases
To clipboard 

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-3625"
      ],
      "details": "A flaw was found in Quay, where Quay\u0027s database is stored in plain text in mirror-registry on Jinja\u0027s config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay\u0027s Redis instance.",
      "id": "GSD-2024-3625",
      "modified": "2024-04-11T05:03:27.366319Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2024-3625",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "mirror registry for Red Hat OpenShift",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Solomon Roberts (BadgerOps.net works) for reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in Quay, where Quay\u0027s database is stored in plain text in mirror-registry on Jinja\u0027s config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay\u0027s Redis instance."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-256",
                "lang": "eng",
                "value": "Plaintext Storage of a Password"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/security/cve/CVE-2024-3625",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2024-3625"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2274408",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274408"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Quay, where Quay\u0027s database is stored in plain text in mirror-registry on Jinja\u0027s config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay\u0027s Redis instance."
          },
          {
            "lang": "es",
            "value": "Se encontr\u00f3 una falla en Quay, donde la base de datos de Quay se almacena en texto plano en el registro espejo en el archivo config.yaml de Jinja. Este problema deja la posibilidad de que un actor malicioso con acceso a este archivo obtenga acceso a la instancia de Redis de Quay."
          }
        ],
        "id": "CVE-2024-3625",
        "lastModified": "2024-04-26T12:58:17.720",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.1,
              "impactScore": 5.2,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-04-25T18:15:10.360",
        "references": [
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/security/cve/CVE-2024-3625"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274408"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-256"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.