CVE-2024-3622

Name of the Vulnerable Software and Affected Versions: Quay (affected versions not specified)

Description: The issue is related to the storage of critical information in plain text, which can be exploited by a remote attacker to create session cookies and gain unauthorized access to the affected Quay instance. This flaw may affect all instances of Quay deployed using mirror-registry, as they may have the same secret key.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.