Description

A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.

INFO

Published Date :

2024-04-25T17:46:47.141Z

Last Modified :

2026-01-21T13:03:17.136Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3623 vulnerability.

Vendors Products
Redhat
  • Mirror Registry

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact