CVE-2019-10205

Published at:
2020-01-02T17:15:11.470
Source: [email protected]

Global infos:

A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorLOCAL
    Availability ImpactHIGH
    Base Score6.3
    Base SeverityMEDIUM
    Confidentiality ImpactLOW
    Integrity ImpactHIGH
    Privileges RequiredHIGH
    ScopeUNCHANGED
    User InteractionNONE
    Vector StringCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
    Exploitability Score0.8
    Impact Score5.5
    Source[email protected]
    TypePrimary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords