- Issued: 2021-01-11
- Updated: 2021-01-11
RHSA-2021:0050 - Security Advisory
Synopsis
Moderate: Red Hat Quay v3.3.3 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Quay v3.3.3 is now available with bug fixes and security updates.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Note: Red Hat Quay v3.3.2 was not released publicly.
Description
This release of Red Hat Quay v3.3.3 includes:
Security Update(s):
- quay: persistent XSS in repository notification display (CVE-2020-27832)
- quay: email notifications authorization bypass (CVE-2020-27831)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- NVD feed fixed in Clair-v2 (clair-jwt image)
Solution
Download the release images via:
quay.io/redhat/quay:v3.3.3
quay.io/redhat/clair-jwt:v3.3.3
quay.io/redhat/quay-builder:v3.3.3
quay.io/redhat/clair:v3.3.3
Affected Products
- Red Hat Quay Enterprise 3 x86_64
Fixes
- BZ - 1905758 - CVE-2020-27831 quay: email notifications authorization bypass
- BZ - 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display
CVEs
- CVE-2018-20843
- CVE-2019-5018
- CVE-2019-8625
- CVE-2019-8710
- CVE-2019-8720
- CVE-2019-8743
- CVE-2019-8764
- CVE-2019-8766
- CVE-2019-8769
- CVE-2019-8771
- CVE-2019-8782
- CVE-2019-8783
- CVE-2019-8808
- CVE-2019-8811
- CVE-2019-8812
- CVE-2019-8813
- CVE-2019-8814
- CVE-2019-8815
- CVE-2019-8816
- CVE-2019-8819
- CVE-2019-8820
- CVE-2019-8823
- CVE-2019-8835
- CVE-2019-8844
- CVE-2019-8846
- CVE-2019-13050
- CVE-2019-13627
- CVE-2019-14889
- CVE-2019-15165
- CVE-2019-15903
- CVE-2019-16168
- CVE-2019-16935
- CVE-2019-19221
- CVE-2019-19906
- CVE-2019-19956
- CVE-2019-20218
- CVE-2019-20387
- CVE-2019-20388
- CVE-2019-20454
- CVE-2019-20807
- CVE-2019-20907
- CVE-2019-20916
- CVE-2020-1730
- CVE-2020-1751
- CVE-2020-1752
- CVE-2020-1971
- CVE-2020-3862
- CVE-2020-3864
- CVE-2020-3865
- CVE-2020-3867
- CVE-2020-3868
- CVE-2020-3885
- CVE-2020-3894
- CVE-2020-3895
- CVE-2020-3897
- CVE-2020-3899
- CVE-2020-3900
- CVE-2020-3901
- CVE-2020-3902
- CVE-2020-6405
- CVE-2020-7595
- CVE-2020-8492
- CVE-2020-9327
- CVE-2020-9802
- CVE-2020-9803
- CVE-2020-9805
- CVE-2020-9806
- CVE-2020-9807
- CVE-2020-9843
- CVE-2020-9850
- CVE-2020-9862
- CVE-2020-9893
- CVE-2020-9894
- CVE-2020-9895
- CVE-2020-9915
- CVE-2020-9925
- CVE-2020-10018
- CVE-2020-10029
- CVE-2020-11793
- CVE-2020-13630
- CVE-2020-13631
- CVE-2020-13632
- CVE-2020-14382
- CVE-2020-14391
- CVE-2020-14422
- CVE-2020-15503
- CVE-2020-24659
- CVE-2020-27831
- CVE-2020-27832
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.