Quay Red Hat Quay

Do you want an email whenever new security vulnerabilities are reported in Red Hat Quay?

Recent Red Hat Quay Security Advisories

Advisory Title Published
RHSA-2021:3917 (RHSA-2021:3917) Important: Red Hat Quay v3.6.0 security, bug fix and enhancement update October 19, 2021
RHSA-2021:3665 (RHSA-2021:3665) Important: Red Hat Quay v3.5.7 bug fix and security update September 28, 2021

By the Year

In 2022 there have been 0 vulnerabilities in Red Hat Quay . Last year Quay had 3 security vulnerabilities published. Right now, Quay is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 3 5.80
2020 3 6.47
2019 5 7.30
2018 0 0.00

It may take a day or so for new Quay vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Quay Security Vulnerabilities

A flaw was found in Red Hat Quay

CVE-2020-27832 9 - Critical - May 27, 2021

A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

XSS

A flaw was found in Red Hat Quay

CVE-2020-27831 4.3 - Medium - May 27, 2021

A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.

Authorization

A vulnerability was found in the Quay web application

CVE-2019-3867 4.1 - Medium - March 18, 2021

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.

Insufficient Session Expiration

An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1

CVE-2020-14313 4.3 - Medium - August 11, 2020

An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.

Information Disclosure

A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter

CVE-2019-3864 8.8 - High - January 21, 2020

A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account.

Session Riding

A flaw was found in the way Red Hat Quay stores robot account tokens in plain text

CVE-2019-10205 6.3 - Medium - January 02, 2020

A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.

Insufficiently Protected Credentials

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation

CVE-2019-9511 7.5 - High - August 13, 2019

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Allocation of Resources Without Limits or Throttling

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service

CVE-2019-9513 7.5 - High - August 13, 2019

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service

CVE-2019-9516 6.5 - Medium - August 13, 2019

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Allocation of Resources Without Limits or Throttling

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service

CVE-2019-9517 7.5 - High - August 13, 2019

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.

Allocation of Resources Without Limits or Throttling

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service

CVE-2019-9518 7.5 - High - August 13, 2019

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.

Allocation of Resources Without Limits or Throttling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for McAfee Web Gateway or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

Red Hat Quay
Product

subscribe