Homepage
About Snyk

Plaintext Storage of a Password Affecting github.com/quay/mirror-registry package, versions *

0.0
high

Snyk CVSS

    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 0.04% (9th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMQUAYMIRRORREGISTRY-6596199
  • published 11 Apr 2024
  • disclosed 10 Apr 2024
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 10 Apr 2024

New CVE-2024-3622 Open this link in a new tab
CWE-256 Open this link in a new tab

How to fix?

There is no fixed version for github.com/quay/mirror-registry.

Overview

github.com/quay/mirror-registry is an application that will allow users to easily install Quay and its required components using a simple CLI tool. The purpose is to provide a registry to hold a mirror of OpenShift images.

Affected versions of this package are vulnerable to Plaintext Storage of a Password due to the use of a plain-text default CSRF secret key. An attacker can intercept or manipulate requests by predicting the secret key used for CSRF protection.