CVE-2019-10205
First published: Thu Jan 02 2020(Updated: )
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Quay | =3.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10205?
CVE-2019-10205 is a vulnerability in Red Hat Quay that allows attackers to read or write container images stored in the registry.
How severe is CVE-2019-10205?
CVE-2019-10205 has a severity score of 6.3, which is considered medium.
Which software versions are affected by CVE-2019-10205?
CVE-2019-10205 affects Red Hat Quay version 3.0.0.
How can an attacker exploit CVE-2019-10205?
An attacker who can perform database queries in the Red Hat Quay database can exploit CVE-2019-10205 by using the stored robot account tokens to read or write container images.
Is there a fix for CVE-2019-10205?
Yes, it is recommended to upgrade Red Hat Quay to a version that has the fix for CVE-2019-10205. Please refer to the official Red Hat advisory for more information.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat quay
- version/redhat quay/3.0.0