A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-06
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-05-27