CVE-2024-5891

4.2 MEDIUM

📋 TL;DR

This vulnerability in Quay allows attackers who obtain an application's client ID to use OAuth tokens for authentication, potentially accessing applications they shouldn't have access to. It affects systems where endpoints rely solely on authentication rather than proper authorization checks. Organizations using Quay with OAuth authentication are impacted.

💻 Affected Systems

Products:
  • Quay
Versions: Specific versions not detailed in provided references; check Red Hat advisories for exact ranges
Operating Systems: Linux-based systems running Quay
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability affects configurations where endpoints rely only on authentication without proper authorization checks.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized users gain access to sensitive applications and data by bypassing authentication controls, potentially leading to data breaches or privilege escalation.

🟠 Likely Case

Limited unauthorized access to specific applications where authentication alone is used for access control, without broader system compromise.

🟢 If Mitigated

Minimal impact if proper authorization checks are implemented alongside authentication, limiting access to authorized users only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires obtaining client ID for targeted application; exploitation depends on specific OAuth configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Red Hat advisories for specific patched versions

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-5891

Restart Required: Yes

Instructions:

1. Check the Red Hat advisory for patched Quay versions.
2. Update Quay to the recommended version.
3. Restart Quay services.
4. Verify the fix implementation.

🔧 Temporary Workarounds

Implement Authorization Checks

all

Ensure all endpoints implement proper authorization checks in addition to authentication.

Restrict Client ID Access

all

Limit access to client IDs and monitor for unauthorized OAuth token usage.
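The "Implement Authorization Checks" workaround above describes the core weakness: an endpoint that accepts any valid OAuth token without checking which application the token was issued to or what it is allowed to do. The following is an added illustration, not Quay's code: a generic token store and two request handlers, one that stops at authentication and one that also authorizes the token against the application being accessed. All tokens, client IDs and scope names are constructed placeholders.

```python
"""Added example (not Quay's own code): authentication-only endpoint beside
an endpoint that also performs an authorization check."""
from dataclasses import dataclass
from typing import Optional

# Constructed token store: bearer token -> the client_id it was issued to and
# the scopes it was granted. Real Quay tokens and IDs look nothing like this.
TOKENS = {
    "tok-app-alpha": {"client_id": "client-alpha", "scopes": {"repo:read"}},
    "tok-app-beta": {"client_id": "client-beta", "scopes": {"repo:read", "repo:admin"}},
}


@dataclass
class Request:
    bearer: Optional[str]   # token presented in the Authorization header
    client_id: str          # application the caller is trying to use
    required_scope: str     # scope the endpoint needs


def authenticate(req: Request) -> Optional[dict]:
    """Step 1: is this a known, valid token? Returns its record, or None."""
    return TOKENS.get(req.bearer)


def handle_auth_only(req: Request) -> tuple:
    """Vulnerable pattern: any valid token passes, regardless of which
    application it belongs to or what it may do."""
    rec = authenticate(req)
    if rec is None:
        return 401, "unauthenticated"
    return 200, f"served to {req.client_id}"


def handle_auth_and_authz(req: Request) -> tuple:
    """Hardened pattern: after authentication, confirm the token was issued
    to the application being accessed and carries the required scope."""
    rec = authenticate(req)
    if rec is None:
        return 401, "unauthenticated"
    if rec["client_id"] != req.client_id:
        return 403, "token not issued for this application"
    if req.required_scope not in rec["scopes"]:
        return 403, f"missing scope {req.required_scope}"
    return 200, f"served to {req.client_id}"


if __name__ == "__main__":
    # A token issued to client-alpha presented against client-beta's endpoint.
    cross_app = Request("tok-app-alpha", "client-beta", "repo:read")
    print("auth only:     ", handle_auth_only(cross_app))       # 200, wrongly served
    print("auth + authz:  ", handle_auth_and_authz(cross_app))  # 403, rejected
```

The authorization step needs a binding between the token and the application it may act for; a bare validity check carries no such binding, which is why knowing a client ID alone should never be enough to reach another application's resources.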

🧯 If You Can't Patch

  • Implement network segmentation to isolate Quay instances from sensitive systems
  • Enable detailed logging and monitoring for OAuth authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check Quay version against Red Hat advisory; review OAuth configuration for authentication-only endpoints.

Check Version:

docker exec quay-registry quay --version or check Quay configuration files

Verify Fix Applied:

Verify Quay version is updated to patched version; test OAuth authentication with proper authorization checks.

📡 Detection & Monitoring

Log Indicators:

  • Unusual OAuth authentication attempts
  • Authentication from unexpected client IDs
  • Failed authorization checks following successful authentication

Network Indicators:

  • Unexpected OAuth token usage patterns
  • Authentication requests to restricted endpoints

SIEM Query:

source="quay" AND (event_type="authentication" AND result="success") AND NOT (event_type="authorization" AND result="success")
