PT-2026-44797 · Red Hat+1 · Quay Config-Tool+1
Martin Brodeur
·
Published
2026-05-29
·
Updated
2026-05-29
·
CVE-2026-10078
CVSS v3.1
2.7
Low
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Quay config-tool (affected versions not specified)
Description
A flaw in the GitLab OAuth validator causes sensitive credentials, specifically
client id and client secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to the disclosure of these credentials in server access logs, reverse proxy logs, and other monitoring systems, potentially allowing an attacker with log access to obtain the credentials and achieve unauthorized information disclosure.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Quay Config-Tool