Mirror-registry: quay: quay: server-side request forgery via log export functionality
Summary
| CVE | CVE-2026-2377 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-08 17:21:16 UTC |
| Updated | 2026-07-01 13:16:58 UTC |
| Description | A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information. |
Risk And Classification
Primary CVSS: v3.1 6.5 MEDIUM from ADP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.004050000 probability, percentile 0.324500000 (date 2026-07-04)
Problem Types: CWE-918 | CWE-918 Server-Side Request Forgery (SSRF)
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | CVSS | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | [email protected] | Secondary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | CNA | CVSS | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Mirror Registry For Red Hat Openshift | - | All | All | All |
| Application | Redhat | Mirror Registry For Red Hat Openshift | 2.0 | All | All | All |
| Application | Redhat | Quay | 3.0.0 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Red Hat | Red Hat Quay 3.10 | unaffected 1779822261 * rpm | Not specified |
| CNA | Red Hat | Red Hat Quay 3.12 | unaffected 1779811412 * rpm | Not specified |
| CNA | Red Hat | Red Hat Quay 3.14 | unaffected 1779689392 * rpm | Not specified |
| CNA | Red Hat | Red Hat Quay 3.15 | unaffected 1780891395 * rpm | Not specified |
| CNA | Red Hat | Red Hat Quay 3.16 | unaffected 1779204086 * rpm | Not specified |
| CNA | Red Hat | Red Hat Quay 3.9 | unaffected 1779811473 * rpm | Not specified |
| CNA | Red Hat | Mirror Registry For Red Hat OpenShift | Not specified | Not specified |
| CNA | Red Hat | Mirror Registry For Red Hat OpenShift 2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.12 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.14 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.15 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.16 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Quay 3.9 | Not specified | Not specified |
| ADP | Red Hat | Mirror Registry For Red Hat OpenShift | Not specified | Not specified |
| ADP | Red Hat | Mirror Registry For Red Hat OpenShift 2 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com/errata/RHSA-2026:24853 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:22629 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:21017 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2377.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:19375 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:23361 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| access.redhat.com/errata/RHSA-2026:22840 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/security/cve/CVE-2026-2377 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue. (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-02-11T21:02:44.495Z | Reported to Red Hat. |
| CNA | 2026-04-08T16:18:10.324Z | Made public. |
| ADP | 2026-02-11T21:02:44.495Z | Reported to Red Hat. |
| ADP | 2026-04-08T16:18:10.324Z | Made public. |
Solutions
ADP: RHSA-2026:22840: Red Hat Quay 3.10
ADP: RHSA-2026:22629: Red Hat Quay 3.12
ADP: RHSA-2026:21017: Red Hat Quay 3.14
ADP: RHSA-2026:24853: Red Hat Quay 3.15
ADP: RHSA-2026:19375: Red Hat Quay 3.16
ADP: RHSA-2026:23361: Red Hat Quay 3.9
There are currently no legacy QID mappings associated with this CVE.