What is the severity of CVE-2024-3623?

CVE-2024-3623 is considered a high-severity vulnerability due to the exposure of a default database secret key in plain text.

How do I fix CVE-2024-3623?

To fix CVE-2024-3623, you should update your Quay and mirror-registry configurations to use a secure, unique database secret key instead of the default.

Who is affected by CVE-2024-3623?

CVE-2024-3623 affects instances of Red Hat Quay and Red Hat mirror-registry that utilize the default database secret key.

What are the potential impacts of CVE-2024-3623?

The primary impact of CVE-2024-3623 is that it can lead to data exposure and unauthorized access to databases across multiple Quay instances.

Is there a workaround for CVE-2024-3623?

While the best solution is to update the database secret key, a temporary workaround is to restrict access to the affected configuration files.

Vulnerability/
CVE-2024-3623

high

8.1

CWE

256

EPSS

0.043%

10/4/2024

25/4/2024

22/1/2025

CVE-2024-3623: Mirror-registry: default database secret key stored in plain-text on initial configuration file

First published: Wed Apr 10 2024(Updated: )

A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat Quay for IBM Z and LinuxONE
Red Hat mirror-registry

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-3623?
CVE-2024-3623 is considered a high-severity vulnerability due to the exposure of a default database secret key in plain text.
How do I fix CVE-2024-3623?
To fix CVE-2024-3623, you should update your Quay and mirror-registry configurations to use a secure, unique database secret key instead of the default.
Who is affected by CVE-2024-3623?
CVE-2024-3623 affects instances of Red Hat Quay and Red Hat mirror-registry that utilize the default database secret key.
What are the potential impacts of CVE-2024-3623?
The primary impact of CVE-2024-3623 is that it can lead to data exposure and unauthorized access to databases across multiple Quay instances.
Is there a workaround for CVE-2024-3623?
While the best solution is to update the database secret key, a temporary workaround is to restrict access to the affected configuration files.

agent/title
agent/weakness
agent/references
agent/type
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-3623
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/epss-latest
source/FIRST
agent/epss
collector/nvd-api
source/NVD
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
vendor/red hat
canonical/red hat quay for ibm z and linuxone
canonical/red hat mirror-registry

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.