CVE-2024-3624

{"id": "CVE-2024-3624", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}]}, "published": "2024-04-25T18:15:10.170", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-3624", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274407", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3624", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274407", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en c\u00f3mo se almacena la base de datos de Quay en texto plano en el registro espejo en el archivo config.yaml de jinja. Esta falla permite que un actor malintencionado con acceso a este archivo obtenga acceso a la base de datos de Quay."}], "lastModified": "2024-11-21T09:30:00.973", "sourceIdentifier": "secalert@redhat.com"}