CVE-2024-3624

Name of the Vulnerable Software and Affected Versions: Quay (affected versions not specified)

Description: A flaw in Quay's mirror-registry allows a malicious actor with access to the config.yaml file to gain unauthorized access to Quay's database. The issue is related to the storage of critical information in plain-text in the config.yaml file of the Jinja template engine. This could enable a remote attacker to exploit the flaw and obtain unauthorized access to sensitive information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.