Red Hat Mirror Registry
By the Year
In 2025 there have been 2 vulnerabilities in Red Hat Mirror Registry, with an average score of 7.4 out of ten. Last year, in 2024, Mirror Registry had 2 security vulnerabilities published. At the current rate, the number of vulnerabilities this year may equal last year's. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.85.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 2 | 7.35 |
| 2024 | 2 | 6.50 |
It may take a day or so for new Mirror Registry vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Mirror Registry Security Vulnerabilities
Mirror Registry Host Header Sanitization Flaw Causing Redirect
CVE-2025-7777
6.5 - Medium
- August 20, 2025
The mirror-registry doesn't properly sanitize the Host HTTP header in received HTTP requests, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns.
Open Redirect
Mirror Registry Quay-APP /etc/passwd Write Access Enables Root Escalation
CVE-2025-3528
8.2 - High
- May 09, 2025
A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.
Incorrect Default Permissions
Quay: Default DB Secret Key Hardcoded in mirror-registry Templates
CVE-2024-3623
6.5 - Medium
- April 25, 2024
A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry having the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.
Unprotected Storage of Credentials
Quay mirror-registry default secret leak enables session cookie replay
CVE-2024-3622
- April 25, 2024
A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry having the same secret key. This flaw allows a malicious actor to craft session cookies, which, as a consequence, may lead to gaining access to the affected Quay instance.
Unprotected Storage of Credentials