Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

MIRROR-REGISTRY-2.0-RHEL-8

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2025-3528
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-0.01% / 1.85%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 11:58
Updated-14 Aug, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry

A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.

Action-Not Available
Vendor-Red Hat, Inc.
Product-mirror registry for Red Hat OpenShiftMIRROR-REGISTRY-2.0-RHEL-8
CWE ID-CWE-276
Incorrect Default Permissions