Red Hat Mirror Registry
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Mirror Registry. Last year, in 2025, Mirror Registry had 2 security vulnerabilities published. Right now, Mirror Registry is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 7.35 |
| 2024 | 4 | 7.48 |
It may take a day or so for new Mirror Registry vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Mirror Registry Security Vulnerabilities
Mirror Registry Host Header Sanitization Flaw Causing Redirect
CVE-2025-7777
6.5 - Medium
- August 20, 2025
The mirror-registry doesn't properly sanitize the Host HTTP header in received HTTP requests, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns.
Open Redirect
Mirror Registry Quay-APP /etc/passwd Write Access Enables Root Escalation
CVE-2025-3528
8.2 - High
- May 09, 2025
A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.
Incorrect Default Permissions
Quay: Default DB Secret Key Hardcoded in mirror-registry Templates
CVE-2024-3623
6.5 - Medium
- April 25, 2024
A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.
Unprotected Storage of Credentials
Quay mirror-registry default secret leak enables session cookie replay
CVE-2024-3622
8.8 - High
- April 25, 2024
A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies, which may lead to gaining access to the affected Quay instance.
Unprotected Storage of Credentials
Quay Plaintext Config DB Vulnerability (mirror-registry)
CVE-2024-3624
7.3 - High
- April 25, 2024
A flaw was found in how Quay's database is stored in plain text in mirror-registry in the Jinja config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database.
Unprotected Storage of Credentials
Quay Container Registry: Plain-Text DB in Jinja Config Allows Redis Access
CVE-2024-3625
7.3 - High
- April 25, 2024
A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry in the Jinja config.yaml file. This issue allows a malicious actor with access to this file to gain access to Quay's Redis instance.
Unprotected Storage of Credentials