CVE-2019-10205 MEDIUM

CVE-2019-10205

Vendor Red Hat
Product quay
Weakness CWE-522 · Insufficiently protected credentials
Published January 2, 2020
Last update August 4, 2024

CVSS base score

6.0/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.

Key dates

02Disclosure timeline

January 2, 2020 CVE published
August 4, 2024 Record updated