PT-2021-11422 · Red Hat · Red Hat Quay

Published: 2021-05-26 · Updated: 2022-10-21 · CVE-2020-27831
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Red Hat Quay (affected versions not specified)
Description: A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control; Insufficiently Protected Credentials
Related Identifiers: CVE-2020-27831
Affected Products: Red Hat Quay