An information disclosure vulnerability exists in Red Hat Quay. An attacker with the ability to create a build trigger in a repository can disclose the names of robot accounts and the existence of private repositories within any namespace.
Acknowledgments: Name: Joey Schorr (Red Hat)
This issue has been addressed in the following products: Red Hat Quay 3 Via RHSA-2020:3525 https://access.redhat.com/errata/RHSA-2020:3525
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14313
External References: https://access.redhat.com/errata/RHSA-2020:3525