CVE-2020-14313
quay: build triggers can disclose robot account names and existence of private repos within namespaces
Public Exploits: 0
Descriptions
An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository to disclose the names of robot accounts and the existence of private repositories within any namespace.
An information disclosure vulnerability was found in Red Hat Quay. This flaw allows an attacker who can create a build trigger in a repository to disclose the names of robot accounts and the existence of private repositories within any namespace.
Quay 3.3.1 has been released. An issue where build triggers can disclose robot account names and the existence of private repos within namespaces has been addressed.
Timeline
- 2020-06-17 CVE Reserved
- 2020-08-11 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (3)
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1853026 | 2020-08-19 | |
https://access.redhat.com/security/cve/CVE-2020-14313 | 2020-08-19 | |
https://access.redhat.com/errata/RHSA-2020:3525 | 2020-08-19 | |