Description

A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance.

INFO

Published Date :

2024-04-25T17:46:29.152Z

Last Modified :

2025-11-20T07:13:29.991Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3622 vulnerability.

Vendors Products
Redhat
  • Mirror Registry

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact