CVE-2020-27831

MEDIUM

Red Hat Quay 3.0.0-3.3.2 - Improper Access Control in Email Notification Authorization

Title source: llm

Description

A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.

References (1)

Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1905758

Scores

CVSS v3: 4.3
EPSS: 0.0013
EPSS Percentile: 31.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE: CWE-284, CWE-522
Status: published
Products (1): redhat/quay 3.0.0 - 3.3.3
Published: May 27, 2021
Tracked Since: Feb 18, 2026