VYPR

Quay

by Red Hat

CVEs (24)

  • CVE-2023-44487 | High | KEV | Oct 10, 2023
    risk 0.65 | cvss 7.5 | epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2026-32589 | High | Apr 8, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow…

  • CVE-2024-3625 | High | Apr 25, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw was found in Quay, where the password for Quay's Redis instance is stored in plain text in mirror-registry's Jinja config.yaml template. A malicious actor with read access to this file can use it to gain access to Quay's Redis instance.

  • CVE-2024-3624 | High | Apr 25, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw was found in how the credentials for Quay's database are stored in plain text in mirror-registry's Jinja config.yaml template. This flaw allows a malicious actor with read access to this file to gain access to Quay's database.

  • CVE-2026-32590 | High | Apr 8, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.

  • CVE-2026-2377 | Medium | Apr 8, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side…

  • CVE-2026-11569 | Medium | Jun 8, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored…

  • CVE-2026-6848 | Medium | Apr 22, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with…

  • CVE-2026-32591 | Medium | Apr 8, 2026
    risk 0.34 | cvss 5.2 | epss 0.00

    A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate…

  • CVE-2026-10052 | Medium | May 29, 2026
    risk 0.27 | cvss 4.1 | epss 0.00

    A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform…

  • CVE-2026-2376 | Medium | Mar 12, 2026
    risk 0.25 | cvss 4.9 | epss 0.00

    A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without…

  • CVE-2025-4374 | May 6, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.

  • CVE-2024-9683 | Oct 17, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the…

  • CVE-2024-3623 | Apr 25, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same…

  • CVE-2023-4956 | Nov 7, 2023
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the…

  • CVE-2023-4959 | Sep 15, 2023
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance.…

  • CVE-2023-3384 | Jul 24, 2023
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish…

  • CVE-2020-27832 | May 27, 2021
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat…

  • CVE-2020-27831 | May 26, 2021
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.

  • CVE-2019-3867 | Mar 18, 2021
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.
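The HTTP/2 Rapid Reset entry (CVE-2023-44487) describes the attack but not the defence. The block below is an added example, not code from Quay or from any HTTP/2 server: it shows the shape of the mitigation, a per-connection sliding-window budget for stream resets, after which the server closes the connection. The threshold (100 resets per second) and the `simulate` driver are assumptions for illustration, not values from the page.

```python
"""Per-connection limit on HTTP/2 stream resets (mitigation shape for
CVE-2023-44487). Added example; thresholds are assumptions."""
import collections


class ResetRateLimiter:
    def __init__(self, max_resets=100, window_seconds=1.0):
        self.max_resets = max_resets
        self.window = window_seconds
        # conn_id -> timestamps of resets still inside the current window
        self._events = collections.defaultdict(collections.deque)
        self.closed = set()

    def record_reset(self, conn_id, now):
        """Record one RST_STREAM / cancellation at time `now` (seconds).
        Returns True once the connection has exceeded its budget and should
        be torn down (GOAWAY + close) rather than keep spawning handlers."""
        if conn_id in self.closed:
            return True
        dq = self._events[conn_id]
        dq.append(now)
        # evict timestamps that fell out of the window
        while dq and now - dq[0] > self.window:
            dq.popleft()
        if len(dq) > self.max_resets:
            self.closed.add(conn_id)
            del self._events[conn_id]
            return True
        return False

    def forget(self, conn_id):
        """Call when a connection closes normally so state does not leak."""
        self._events.pop(conn_id, None)
        self.closed.discard(conn_id)


def simulate(limiter, conn_id, n_resets, duration):
    """Feed `n_resets` evenly spaced resets over `duration` seconds (a
    constructed client); return the index of the first reset that tripped
    the limiter, or -1 if the client stayed within budget."""
    step = duration / max(n_resets - 1, 1)
    for i in range(n_resets):
        if limiter.record_reset(conn_id, i * step):
            return i
    return -1


if __name__ == "__main__":
    # 1000 resets in half a second: abusive, tripped on the 101st reset
    print(simulate(ResetRateLimiter(), "attacker", 1000, 0.5))
    # 150 resets spread over ten seconds: normal cancellation traffic
    print(simulate(ResetRateLimiter(), "browser", 150, 10.0))
```

The budget is deliberately per connection, not per client IP, because the attack works over a single connection; pairing it with the usual per-connection handler cap is what keeps a burst of cancelled streams from turning into a burst of live handlers.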
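CVE-2024-3623, CVE-2024-3624 and CVE-2024-3625 are all the same class of problem: credentials and a secret key sitting as literals in the config.yaml that mirror-registry templates with Jinja. The block below is an added example, not code from Quay or mirror-registry. The key names it looks for (DB_URI, DATABASE_SECRET_KEY, SECRET_KEY, BUILDLOGS_REDIS, USER_EVENTS_REDIS) are real Quay settings; the sample files and every value in them are constructed, and the secret key shown is not the default from CVE-2024-3623. The rule it applies is the one a reviewer would: a template must hold placeholders for these, never literals, while a rendered config necessarily holds literals and must then be readable only by the Quay service account.

```python
"""Flag plaintext secrets in a Quay config.yaml or mirror-registry template.
Added example; sample inputs are constructed."""
import re
import stat

REDIS_SECTIONS = ("BUILDLOGS_REDIS", "USER_EVENTS_REDIS")
JINJA_PLACEHOLDER = re.compile(r"\{\{.*?\}\}")
# scheme://user:password@host  -> password is group 1
URI_WITH_PASSWORD = re.compile(r"^[a-z][a-z0-9+.-]*://[^:/@\s]+:([^@\s]+)@", re.I)


def scan_config(text):
    """Line-oriented scan (sufficient for Quay's flat key layout).
    Returns a list of (line_number, key, message) findings."""
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, sep, value = stripped.partition(":")
        if not sep:
            continue
        key = key.strip()
        value = value.strip().strip("'\"")
        if indent == 0:
            section = key  # remember the top-level mapping we are inside
        if JINJA_PLACEHOLDER.search(value):
            continue  # filled in at install time: correct for a template
        if key == "DB_URI" and URI_WITH_PASSWORD.match(value):
            findings.append((lineno, key, "database password embedded in DB_URI"))
        elif key in ("DATABASE_SECRET_KEY", "SECRET_KEY") and value:
            findings.append((lineno, key,
                             "literal key; if this file is a template every install shares it"))
        elif section in REDIS_SECTIONS and key == "password" and value:
            findings.append((lineno, f"{section}.password", "redis password in plain text"))
    return findings


def mode_is_private(mode):
    """True when the file mode grants nothing to group or others (e.g. 0600),
    the minimum for a rendered config that must carry literal credentials."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


# ---- constructed samples (not real mirror-registry files) ----------------
SAMPLE_TEMPLATE = """\
DB_URI: postgresql://{{ db_user }}:{{ db_password }}@quay-postgres:5432/quay
DATABASE_SECRET_KEY: 0123456789abcdef0123456789abcdef
SECRET_KEY: {{ secret_key }}
BUILDLOGS_REDIS:
  host: quay-redis
  port: 6379
  password: strongpassword
USER_EVENTS_REDIS:
  host: quay-redis
  port: 6379
  password: {{ redis_password }}
"""

SAMPLE_RENDERED = """\
DB_URI: postgresql://quayuser:quaypass@quay-postgres:5432/quay
SECRET_KEY: fedcba9876543210fedcba9876543210
"""

if __name__ == "__main__":
    for lineno, key, msg in scan_config(SAMPLE_TEMPLATE):
        print(f"template:{lineno}: {key}: {msg}")
    for lineno, key, msg in scan_config(SAMPLE_RENDERED):
        print(f"rendered:{lineno}: {key}: {msg}")
    print("0600 private:", mode_is_private(0o600), "0644 private:", mode_is_private(0o644))
```

Run it against the template shipped with an installer and anything it reports is a secret every deployment will share; run it against a rendered file and the findings are expected, so the check that matters there is `mode_is_private` on the file's actual mode.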
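Four entries above are server-side request forgery in one form or another: the mirror-registry log-export URL (CVE-2026-2377), redirect following (CVE-2026-2376), the proxy-cache upstream hostname (CVE-2026-32591) and the config-tool's LDAP/SMTP validators (CVE-2026-10052). The block below is an added example, not code from Quay, mirror-registry or the config-tool, showing the check all four lack: resolve the operator-supplied host, refuse any answer inside loopback, private, link-local or IPv4-mapped ranges, and re-validate every redirect hop instead of letting the HTTP client follow it. `resolver` and `fetch` are injection points so the example runs offline; the DNS table and responses are constructed.

```python
"""Validate operator-supplied endpoints before the server connects to them.
Added example; fixtures at the bottom are constructed."""
import ipaddress
import socket
from urllib.parse import urlsplit, urljoin

BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",   # link-local, including cloud metadata endpoints
    "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
    "::ffff:0:0/96",    # IPv4-mapped IPv6, e.g. ::ffff:127.0.0.1
)]
ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def is_blocked_ip(ip_text):
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in BLOCKED_NETWORKS)


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def system_resolver(host):
    """All A/AAAA answers; every one is checked, so a name with one public and
    one private record is still rejected."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_target(url, resolver=system_resolver):
    """Return (ok, reason) for a URL an operator typed into a config form."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addresses = [host] if _is_ip_literal(host) else resolver(host)
    except (socket.gaierror, OSError) as exc:
        return False, f"cannot resolve {host}: {exc}"
    for ip_text in addresses:
        if is_blocked_ip(ip_text):
            return False, f"{host} resolves to blocked address {ip_text}"
    return True, "ok"


def fetch_with_safe_redirects(url, fetch, resolver=system_resolver, max_hops=5):
    """fetch(url) -> (status, headers, body), called with redirects disabled.
    Each hop is validated before it is requested, so a public host that 302s
    to 127.0.0.1 is refused instead of followed."""
    for _ in range(max_hops):
        ok, reason = validate_target(url, resolver)
        if not ok:
            return None, f"refused {url}: {reason}"
        status, headers, body = fetch(url)
        location = headers.get("location")
        if status in REDIRECT_STATUSES and location:
            url = urljoin(url, location)   # relative Location headers too
            continue
        return body, "ok"
    return None, "too many redirects"


# ---- constructed offline fixtures ----------------------------------------
CONSTRUCTED_DNS = {
    "registry.example.com": ["203.0.113.10"],
    "dual.example.com": ["203.0.113.20", "10.0.0.5"],   # one public, one internal
}


def constructed_resolver(host):
    try:
        return CONSTRUCTED_DNS[host]
    except KeyError:
        raise socket.gaierror(f"no such host {host}")


def constructed_fetch(url):
    # a public host that bounces the client to an internal admin interface
    if url == "https://registry.example.com/export":
        return 302, {"location": "http://127.0.0.1:8080/admin"}, b""
    return 200, {}, b"ok"
```

One caveat the check cannot close on its own: validating a name and then letting the HTTP client resolve it again is a rebinding window. Connect to the address you validated (or pin the resolved IP for the request) so the two lookups cannot disagree.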
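CVE-2026-11569 turns on a single missing decision: the filedrop endpoint trusts the declared MIME type and serves the upload inline. The block below is an added example, not Quay's filedrop code, showing the fix class: verify an allowlist of inline-safe image types by magic bytes, look for script-capable markup (SVG, HTML) in the head of the file regardless of what the client claimed, and serve everything else as an attachment under a sandboxed CSP so nothing executes in the registry's origin. The sample uploads are constructed.

```python
"""Decide how to serve a user upload from its bytes, not its declared MIME.
Added example; sample uploads are constructed."""
import re

# Types that may be rendered inline, keyed to the magic bytes that prove them.
INLINE_SAFE = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
# Markup a browser will execute if it gets to sniff it. Checked in the first
# 1 KiB so a BOM, XML prologue or leading whitespace cannot hide it.
ACTIVE_MARKUP = re.compile(
    rb"<\s*(\?xml|!doctype|svg|script|html|iframe|object|embed)\b", re.I)


def detected_type(data):
    """Return the allowlisted MIME whose magic bytes match, else None."""
    for mime, magics in INLINE_SAFE.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None


def looks_active(data):
    return ACTIVE_MARKUP.search(data[:1024]) is not None


def serve_policy(declared_mime, data):
    """Headers to serve `data` with. Inline only when the bytes prove an
    allowlisted image type AND it matches what the client declared."""
    actual = detected_type(data)
    if actual is not None and actual == declared_mime and not looks_active(data):
        return {
            "Content-Type": actual,
            "Content-Disposition": "inline",
            "X-Content-Type-Options": "nosniff",
        }
    # SVG, HTML, mismatched or unknown types: downloaded, never rendered in
    # the registry's origin, and sandboxed even if a browser renders it anyway.
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": "attachment",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


# ---- constructed sample uploads -------------------------------------------
PNG_UPLOAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SVG_UPLOAD = (b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script>alert(document.domain)</script></svg>')

if __name__ == "__main__":
    print("png declared png  :", serve_policy("image/png", PNG_UPLOAD)["Content-Disposition"])
    print("svg declared png  :", serve_policy("image/png", SVG_UPLOAD)["Content-Disposition"])
    print("png declared jpeg :", serve_policy("image/jpeg", PNG_UPLOAD)["Content-Disposition"])
```

Serving inline from the same origin as the registry UI is what makes a stored SVG payload a session-stealing XSS rather than a curiosity; if user files must render inline, put them on a separate, cookie-less origin in addition to the checks above.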

Page 1 of 2