Bug 1732190 (CVE-2019-10205)
| Summary: | CVE-2019-10205 quay: Red Hat Quay stores robot account tokens in plain text | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jason Shepherd <jshepherd> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | achapman, bdettelb, dbaker, dherrman, jschorr, rmarwaha, security-response-team, tomckay |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-12-19 20:09:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1732223 | ||
| Bug Blocks: | 1732186 | ||
|
Description
Jason Shepherd
2019-07-23 01:31:42 UTC
Acknowledgments: Name: Sean Smith (F5 Networks) This issue has been addressed in the following products: Red Hat Quay 3 Via RHSA-2019:4341 https://access.redhat.com/errata/RHSA-2019:4341 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10205 |