Description
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| mirror registry for Red Hat OpenShift | openshift/mirror-registry-rhel8 | Fix deferred | | |
| mirror registry for Red Hat OpenShift 2 | openshift/mirror-registry-rhel8 | Fix deferred | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Fix deferred | | |
| Red Hat Quay 3 | quay/quay-rhel9 | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 4.9 Medium