PT-2026-44797 · Red Hat+1 · Quay Config-Tool+1

Martin Brodeur

·

Published

2026-05-29

·

Updated

2026-05-29

·

CVE-2026-10078

CVSS v3.1

2.7

Low

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Quay config-tool (affected versions not specified)
Description A flaw in the GitLab OAuth validator causes sensitive credentials, specifically client id and client secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to the disclosure of these credentials in server access logs, reverse proxy logs, and other monitoring systems, potentially allowing an attacker with log access to obtain the credentials and achieve unauthorized information disclosure.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-10078

Affected Products

Gitlab
Quay Config-Tool