Red Hat Quay v3.3.3 RHSA-2021:0050-01 Moderate: Email Bypass, XSS
red hat
January 11, 2021
Red Hat Quay v3.3.3 is now available with bug fixes and security updates
Solution
Download the release images via:
quay.io/redhat/quay:v3.3.3
quay.io/redhat/clair-jwt:v3.3.3
quay.io/redhat/quay-builder:v3.3.3
quay.io/redhat/clair:v3.3.3
Summary
This release of Red Hat Quay v3.3.3 includes:
Security Update(s):
* quay: persistent XSS in repository notification display (CVE-2020-27832)
* quay: email notifications authorization bypass (CVE-2020-27831)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* NVD feed fixed in Clair-v2 (clair-jwt image)
References
https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 Read the Full Advisory
Package List
PREVIOUS
NEXT
Advisory ID: RHSA-2021:0050-01
Product: Red Hat Quay
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0050
Issue date: 2021-01-11
Topic
Red Hat Quay v3.3.3 is now available with bug fixes and security updates.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVElink(s) in the References section.Note: Red Hat Quay v3.3.2 was not released publicly.
Relevant Releases Architectures
Bugs Fixed
1905758 - CVE-2020-27831 quay: email notifications authorization bypass
1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display
5. JIRA issues fixed (https://issues.redhat.com/):
PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!