{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3624", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-04-10T18:03:04.115Z", "datePublished": "2024-04-25T17:46:52.447Z", "dateUpdated": "2024-09-24T14:27:51.659Z"}, "containers": {"cna": {"title": "Mirror-registry: database user and password stored in plain-text", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database."}], "affected": [{"packageName": "mirror-registry", "collectionURL": "https://github.com/quay/mirror-registry", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mirror-registry-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:mirror_registry:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-3624", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274407", "name": "RHBZ#2274407", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-04-10T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-256", "description": "Plaintext Storage of a Password", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-256: Plaintext Storage of a Password", "timeline": [{"lang": "en", "time": "2024-04-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-10T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Solomon Roberts (BadgerOps.net works) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-24T14:27:51.659Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T19:07:33.725829Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:11.306Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.402Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-3624", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274407", "name": "RHBZ#2274407", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-3624", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274407", "name": "RHBZ#2274407", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.402Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T19:07:33.725829Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T19:08:00.501Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Mirror-registry: database user and password stored in plain-text", "credits": [{"lang": "en", "value": "Red Hat would like to thank Solomon Roberts (BadgerOps.net works) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"packageName": "mirror-registry", "collectionURL": "https://github.com/quay/mirror-registry", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:mirror_registry:1"], "vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift", "packageName": "mirror-registry-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-04-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-10T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-04-10T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-3624", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274407", "name": "RHBZ#2274407", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-256", "description": "Plaintext Storage of a Password"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-24T14:27:51.659Z"}, "x_redhatCweChain": "CWE-256: Plaintext Storage of a Password"}}, "cveMetadata": {"cveId": "CVE-2024-3624", "state": "PUBLISHED", "dateUpdated": "2024-09-24T14:27:51.659Z", "dateReserved": "2024-04-10T18:03:04.115Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-04-25T17:46:52.447Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en c\u00f3mo se almacena la base de datos de Quay en texto plano en el registro espejo en el archivo config.yaml de jinja. Esta falla permite que un actor malintencionado con acceso a este archivo obtenga acceso a la base de datos de Quay."}], "id": "CVE-2024-3624", "lastModified": "2024-04-26T12:58:17.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-04-25T18:15:10.170", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-3624"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274407"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Solomon Roberts (BadgerOps.net works) for reporting this issue.", "bugzilla": {"description": "mirror-registry: Database user and password stored in plain-text", "id": "2274407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274407"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-256", "details": ["A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database.", "A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database."], "name": "CVE-2024-3624", "package_state": [{"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Affected", "package_name": "mirror-registry-container", "product_name": "mirror registry for Red Hat OpenShift"}], "public_date": "2024-04-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3624\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3624"], "threat_severity": "Moderate"}