VYPR

Mirror Registry

by Quay

Source repositories

CVEs (2)

  • CVE-2024-3622HigApr 25, 2024
    risk 0.57cvss 8.8epss 0.01

    A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This…

  • CVE-2024-3624HigApr 25, 2024
    risk 0.47cvss 7.3epss 0.00

    A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database.