RedHat: RHSA-2020-3525:01 Moderate: Red Hat Quay v3.3.1 security update
Summary
Quay 3.3.1 release, including:
Security Fix(es):
* quay: build triggers can disclose robot account names and existence of
private repos within namespaces (CVE-2020-14313)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Quay 3.3.1 release (BZ#1844197)
Summary
Solution
Please download the release images via:
quay.io/redhat/quay:v3.3.1
quay.io/redhat/clair-jwt:v3.3.1
quay.io/redhat/quay-builder:v3.3.1
quay.io/redhat/clair:v3.3.1
References
https://access.redhat.com/security/cve/CVE-2020-11080 https://access.redhat.com/security/cve/CVE-2020-12049 https://access.redhat.com/security/cve/CVE-2020-13777 https://access.redhat.com/security/cve/CVE-2020-14313 https://access.redhat.com/security/updates/classification/#moderate
Package List
Topic
An update is now available for Red Hat Quay 3.3Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
1844197 - Quay 3.3.1 release
1853026 - CVE-2020-14313 quay: build triggers can disclose robot account names and existence of private repos within namespaces