cvelistv5 - CVE-2020-14313

CVE-2020-14313 (GCVE-0-2020-14313)

Vulnerability from cvelistv5

Published

2020-08-11 13:42

Modified

2024-08-04 12:39

Severity ?

CWE

Exposure of Sensitive Information to an Unauthorized Actor

Summary

An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.

References

►

URL

	Vendor	Product	Version
	n/a	Quay	Version: Quay versions before 3.3.1

ghsa-qp9w-fqwx-r4j3

Vulnerability from github

Published

2022-05-24 17:25

Modified

2022-05-24 17:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-14313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-11T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.",
  "id": "GHSA-qp9w-fqwx-r4j3",
  "modified": "2022-05-24T17:25:18Z",
  "published": "2022-05-24T17:25:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14313"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2020-14313

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-14313

Aliases

CVE-2020-14313

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-14313",
    "description": "An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.",
    "id": "GSD-2020-14313",
    "references": [
      "https://access.redhat.com/errata/RHSA-2020:3525"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-14313"
      ],
      "details": "An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.",
      "id": "GSD-2020-14313",
      "modified": "2023-12-13T01:22:00.209642Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2020-14313",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Quay",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Quay versions before 3.3.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Exposure of Sensitive Information to an Unauthorized Actor"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1853026",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853026"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:quay:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14313"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1853026",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853026"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-08-11T14:15Z"
    }
  }
}

fkie_cve-2020-14313

Vulnerability from fkie_nvd

Published

2020-08-11 14:15

Modified

2024-11-21 05:02

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

▶	URL	Tags
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1853026	Issue Tracking, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1853026	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	redhat	quay	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:quay:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56E9B3DE-B7A8-4DFD-8855-50D29611B554",
              "versionEndExcluding": "3.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Red Hat Quay en versiones anteriores a 3.3.1. Este fallo permite a un atacante que puede crear un desencadenamiento de compilaci\u00f3n en un repositorio, divulgar los nombres de cuentas de robot y la existencia de repositorios privados dentro de cualquier espacio de nombres"
    }
  ],
  "id": "CVE-2020-14313",
  "lastModified": "2024-11-21T05:02:59.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-11T14:15:11.553",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853026"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

rhsa-2020:3525

Vulnerability from csaf_redhat

Published

2020-08-19 19:50

Modified

2025-07-31 11:48

Summary

Red Hat Security Advisory: Red Hat Quay v3.3.1 security update

Notes

Topic

An update is now available for Red Hat Quay 3.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Quay 3.3.1 release, including: Security Fix(es): * quay: build triggers can disclose robot account names and existence of private repos within namespaces (CVE-2020-14313) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Quay 3.3.1 release (BZ#1844197)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Quay 3.3\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Quay 3.3.1 release, including:\n\nSecurity Fix(es):\n\n* quay: build triggers can disclose robot account names and existence of private repos within namespaces (CVE-2020-14313)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Quay 3.3.1 release (BZ#1844197)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:3525",
        "url": "https://access.redhat.com/errata/RHSA-2020:3525"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1844197",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844197"
      },
      {
        "category": "external",
        "summary": "1853026",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853026"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3525.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Quay v3.3.1 security update",
    "tracking": {
      "current_release_date": "2025-07-31T11:48:00+00:00",
      "generator": {
        "date": "2025-07-31T11:48:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2020:3525",
      "initial_release_date": "2020-08-19T19:50:53+00:00",
      "revision_history": [
        {
          "date": "2020-08-19T19:50:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-08-19T19:50:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-07-31T11:48:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Quay v3",
                "product": {
                  "name": "Quay v3",
                  "product_id": "8Base-Quay-3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:quay:3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Quay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d_amd64",
                "product": {
                  "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d_amd64",
                  "product_id": "quay/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-openshift-bridge-rhel8-operator\u0026tag=v3.3.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b_amd64",
                "product": {
                  "name": "quay/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b_amd64",
                  "product_id": "quay/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-openshift-bridge-rhel8-operator-metadata\u0026tag=v3.3.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703_amd64",
                "product": {
                  "name": "quay/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703_amd64",
                  "product_id": "quay/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-rhel8-operator\u0026tag=v3.3.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc_amd64",
                "product": {
                  "name": "quay/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc_amd64",
                  "product_id": "quay/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-rhel8-operator-metadata\u0026tag=v3.3.1-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a_amd64",
                "product": {
                  "name": "quay/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a_amd64",
                  "product_id": "quay/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.3.1-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1_amd64",
                "product": {
                  "name": "quay/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1_amd64",
                  "product_id": "quay/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8-operator\u0026tag=v3.3.1-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc_amd64"
        },
        "product_reference": "quay/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703_amd64"
        },
        "product_reference": "quay/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b_amd64"
        },
        "product_reference": "quay/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d_amd64"
        },
        "product_reference": "quay/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a_amd64"
        },
        "product_reference": "quay/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1_amd64"
        },
        "product_reference": "quay/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Joey Schorr"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2020-14313",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-06-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853026"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An information disclosure vulnerability was found in Red Hat Quay. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "quay: build triggers can disclose robot account names and existence of private repos within namespaces",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc_amd64",
          "8Base-Quay-3:quay/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a_amd64",
          "8Base-Quay-3:quay/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14313"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853026",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853026"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14313",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14313"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14313",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14313"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2020:3525",
          "url": "https://access.redhat.com/errata/RHSA-2020:3525"
        }
      ],
      "release_date": "2020-07-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-08-19T19:50:53+00:00",
          "details": "Please download the release images via:\n\nquay.io/redhat/quay:v3.3.1\nquay.io/redhat/clair-jwt:v3.3.1\nquay.io/redhat/quay-builder:v3.3.1\nquay.io/redhat/clair:v3.3.1",
          "product_ids": [
            "8Base-Quay-3:quay/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc_amd64",
            "8Base-Quay-3:quay/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a_amd64",
            "8Base-Quay-3:quay/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:3525"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-container-security-rhel8-operator-metadata@sha256:e6de465f8eb15f4e27775cf2cf943c2264adae799df254a15f81c89dd5791efc_amd64",
            "8Base-Quay-3:quay/quay-container-security-rhel8-operator@sha256:f6c5f198dfe86402d65659eb83517aedd6de5ce0eb1e93689dd5e5ab47010703_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator-metadata@sha256:6dd16c3286714b577b1ab89a243514367e5e50fea74bc7eb02894ed3113f198b_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:c3accac2b227aa200d3a3774ce787eaf92783725e0bd8443b6f3b02787be9e6d_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:f44ec43ace96887f007ef02b0f4234124df9c322c9349bce6f079667af2abc7a_amd64",
            "8Base-Quay-3:quay/quay-rhel8-operator@sha256:1c575fd5e86c57c9ced3826b2f04f0ab69de226cff37b9cda6bc7962c928fef1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "quay: build triggers can disclose robot account names and existence of private repos within namespaces"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-14313 (GCVE-0-2020-14313)

Vulnerability from cvelistv5

ghsa-qp9w-fqwx-r4j3

Vulnerability from github

gsd-2020-14313

Vulnerability from gsd

fkie_cve-2020-14313

Vulnerability from fkie_nvd

rhsa-2020:3525

Vulnerability from csaf_redhat

Tags

Sightings

Nomenclature