Impact
A flaw in Red Hat Quay and mirror‑registry for Red Hat OpenShift enables an authenticated user to specify an arbitrary callback URL during log export. The backend then performs a server‑side HTTP request to the supplied address. This Server‑Side Request Forgery (CWE‑918) permits the attacker to send requests from the application's internal network, potentially exposing sensitive information or facilitating further attacks.
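A defensive check for the kind of user-supplied callback URL described above, as an added example; it is not Quay's code or Red Hat's fix. The function names, the HTTPS-only policy and the injectable `resolver` parameter are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # assumption: callbacks only ever need HTTPS


def system_resolver(host, port):
    """Return every IP string the HTTP client could end up connecting to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def is_internal(ip_text):
    """True for loopback, private, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return not ip.is_global


def check_callback_url(url, resolver=system_resolver):
    """Return (ok, reason, pinned_ips) for a user-supplied callback URL."""
    try:
        parts = urlsplit(url)
        port = parts.port or 443  # .port raises ValueError when out of range
    except ValueError:
        return False, "malformed URL", set()
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", set()
    if parts.username or parts.password or not parts.hostname:
        return False, "credentials in URL or missing host", set()
    try:
        ips = set(resolver(parts.hostname, port))
    except (OSError, UnicodeError):
        return False, "host does not resolve", set()
    # Reject if ANY record is internal: a mixed answer could steer the client inside.
    if not ips or any(is_internal(ip) for ip in ips):
        return False, "resolves to a non-public address", set()
    # The caller must connect to these IPs, not re-resolve the name later.
    return True, "ok", ips
```

The check only holds if the HTTP client connects to one of the returned addresses and does not follow redirects, since a redirect or a second DNS lookup would bypass it.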
Affected Systems
The vulnerability affects Red Hat OpenShift mirror‑registry components and Quay 3. The specific affected packages include mirror‑registry version 1, mirror‑registry version 2, and Quay 3, as indicated by their Common Platform Enumeration strings.
Risk and Exploitability
The nominal CVSS score of 6.5 reflects moderate severity, and the EPSS score of < 1% indicates a very low but non-zero probability of exploitation. The vulnerability is not listed in CISA's KEV catalog, indicating no confirmed exploitation to date. Because exploitation requires an authenticated user with permission to export logs, an attacker must first gain legitimate access; from there they can make the system send requests to internal resources. The risk is significant for environments where internal services are not properly segmented or monitored.
OpenCVE Enrichment