CVE-2024-3622

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-256
View all →

Vulnerability Description

A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance.

Related Vulnerabilities

CVE-2020-5315

HIGH
CVSS:8.8(High)

Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated mali...

CWE-2562020

CVE-2022-33928

HIGH
CVSS:8.8(High)

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the dis...

CWE-2562022

CVE-2022-4308

HIGH
CVSS:8.8(High)

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.

CWE-2562022

CVE-2023-41610

HIGH
CVSS:8.8(High)

Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.

CWE-2562023

CVE-2023-4918

HIGH
CVSS:8.8(High)

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form ...

CWE-2562023