PT-2024-37226 · Quay · Quay

Published: 2024-06-12 · Updated: 2024-10-04 · CVE-2024-5891

CVSS v3.1: 4.2 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Quay (affected versions not specified)
Description: A vulnerability was found in Quay, where an attacker can use an OAuth token to authenticate despite not having access to the organization from which the application was created, if they obtain the client ID for an application. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2024-5891

Affected Products

Quay