Martin Brodeur

#17086of 53,635
15.6Total CVSS
Vulnerabilities · 3
Low
1
Medium
1
High
1
PT-2026-45353
5.8
2026-06-01
Red Hat · Red Hat Quay 3 · CVE-2026-10517
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by default), an unauthenticated attacker can submit a manifest with a URI pointing to internal services or cloud metadata endpoints. The SSRF is reflective for non-200 responses, leaking up to 256 bytes of error body content via CheckResponse error messages. Operator-managed Red Hat Quay deployments auto-configure PSK and are not exposed to the unauthenticated attack vector.
PT-2026-44797
2.7
2026-05-29
Red Hat · Quay Config-Tool · CVE-2026-10078
**Name of the Vulnerable Software and Affected Versions** Quay config-tool (affected versions not specified) **Description** A flaw in the GitLab OAuth validator causes sensitive credentials, specifically `client id` and `client secret`, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to the disclosure of these credentials in server access logs, reverse proxy logs, and other monitoring systems, potentially allowing an attacker with log access to obtain the credentials and achieve unauthorized information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-34328
7.1
2026-04-22
Unknown · Instructlab · CVE-2026-6855
**Name of the Vulnerable Software and Affected Versions** InstructLab (affected versions not specified) **Description** A path traversal flaw exists in the chat session handler. A local attacker can manipulate the `logs dir` parameter to create new directories and write files to arbitrary locations on the system, which may result in unauthorized data modification or disclosure. Path traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder by manipulating variables or parameters that are used to build a file path. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.