Description

A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to.

INFO

Published Date :

2024-06-12T13:16:54.443Z

Last Modified :

2024-08-02T16:17:31.664Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-5891 vulnerability.

Vendors Products
Redhat
  • Quay
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-5891.

URL Resource
https://access.redhat.com/security/cve/CVE-2024-5891 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2283879 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-5891 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-5891 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact