CVE-2020-27831

Published: 09 Dec 2020
Source: redhat
CVSS3: 2.6
EPSS: Low

Description

A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.

Mitigation

Disable email using the configuration app.

Additional information

Status: Low
Defect: CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1905758 quay: email notifications authorization bypass

EPSS

Percentile: 32%
0.00127
Low

2.6 Low

CVSS3

Related vulnerabilities

CVSS3: 4.3
nvd
more than 4 years ago

A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.

CVSS3: 4.3
github
more than 3 years ago

A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.
