Redhat

Mirror Registry

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2026-2376

  • EPSS 0.03%
  • Veröffentlicht 12.03.2026 19:16:16
  • Zuletzt bearbeitet 12.03.2026 21:16:25

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically fol...

6.5

CVE-2025-7777

  • EPSS 0.04%
  • Veröffentlicht 20.08.2025 11:38:59
  • Zuletzt bearbeitet 20.08.2025 16:15:43

The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns.

8.8

CVE-2024-3622

  • EPSS 0.12%
  • Veröffentlicht 25.04.2024 18:15:09
  • Zuletzt bearbeitet 30.07.2025 14:41:38

A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to hav...

6.5

CVE-2024-3623

  • EPSS 0.09%
  • Veröffentlicht 25.04.2024 18:15:09
  • Zuletzt bearbeitet 21.01.2026 14:16:05

A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-re...