HIGH🇬🇧 English

CVE-2026-32589

CVSS 7.4v3.1pub. 2026-04-08upd. 2026-07-01

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
  • Red Hat Mirror Registry For Red Hat Openshift

    APP
    Redhat
    2.0
  • Red Hat Quay

    APP
    Redhat
    3.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2021-3762CRITICAL9.8ten sam produkt

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this b...

CVE-2020-27832CRITICAL9.0ten sam produkt

A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when disp...

CVE-2026-32590HIGH7.1ten sam produkt

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process sto...

CVE-2020-10735HIGH7.5ten sam produkt

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using in...

CVE-2022-1227HIGH8.8ten sam produkt

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to ...