Home > Vulnerability Database > CVE-2020-27831

Mend.io Vulnerability Database

CVE-2020-27831

Date: May 26, 2021

A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.

Language: Python

Severity Score

4.3

Related Resources (6)

Url: https://github.com/quay/quay/pull/614

Url: https://access.redhat.com/security/cve/CVE-2020-27831

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-27831

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1905758

Url: https://github.com/quay/quay/commit/6965344ba3a3005039cd26fab58894e7e605c6cc#diff-3217723bc3244f7dcd07b880a7e4c0b5dde03913b743ef72767235a44aa273e7

Url: https://www.mend.io/vulnerability-database/CVE-2020-27831

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Insufficiently Protected Credentials

CWE-522

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-27831

Date: May 26, 2021

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?