cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-3622,https://securityvulnerability.io/vulnerability/CVE-2024-3622,"Mirror-registry Flaw Affects Quay Instances, Leading to Session Cookie Tampering","A vulnerability exists in Red Hat's Quay product related to the installation process utilizing mirror-registry. The issue stems from the use of a default secret, which is stored in plaintext within one of the configuration template files. This oversight can result in all Quay instances deployed through mirror-registry sharing the same secret key. Consequently, this flaw may allow malicious actors to fabricate session cookies, potentially leading to unauthorized access to the affected Quay instance. It is crucial for users of Quay to review their configuration settings and implement secure practices to mitigate this risk.",Red Hat,Mirror Registry For Red Hat Openshift,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-25T18:15:00.000Z,0
CVE-2024-3624,https://securityvulnerability.io/vulnerability/CVE-2024-3624,Quay's Database Vulnerability: Plain-Text Storage Exposes Sensitive Data,"A security issue has been identified in Quay, a container registry service by Red Hat, involving the insecure storage of database credentials within the mirror-registry's configuration file (config.yaml). This flaw permits malicious actors, who gain access to this file, to retrieve sensitive database information, compromising the integrity and confidentiality of the data stored within Quay's database. It emphasizes the importance of securing configuration files and utilizing encryption for sensitive data storage to mitigate potential security threats.",Red Hat,Mirror Registry For Red Hat Openshift,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-25T18:15:00.000Z,0
CVE-2024-3625,https://securityvulnerability.io/vulnerability/CVE-2024-3625,Plain Text Database Vulnerability Exposes Quay's Redis Instance to Attack,"A significant data exposure vulnerability has been identified in Quay, a popular container registry operated by Red Hat. The flaw arises from storing the Quay database in plain text within the mirror-registry configuration file, config.yaml. This configuration exposes critical data, potentially allowing malicious actors who gain access to this file to connect to the accessible Redis instance linked to Quay. This vulnerability underscores the importance of securing sensitive configuration files to prevent unauthorized access to backend services.",Red Hat,Mirror Registry For Red Hat Openshift,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-25T18:15:00.000Z,0