CVE-2026-2377
Gravedad CVSS v3.1:
MEDIA
Tipo:
CWE-918
Falsificación de solicitud en servidor (SSRF)
Fecha de publicación:
08/04/2026
Última modificación:
01/07/2026
Descripción
*** Pendiente de traducción *** A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information.
Impacto
Puntuación base 3.x
6.50
Gravedad 3.x
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://access.redhat.com/errata/RHSA-2026:19375
- https://access.redhat.com/errata/RHSA-2026:21017
- https://access.redhat.com/errata/RHSA-2026:22629
- https://access.redhat.com/errata/RHSA-2026:22840
- https://access.redhat.com/errata/RHSA-2026:23361
- https://access.redhat.com/errata/RHSA-2026:24853
- https://access.redhat.com/security/cve/CVE-2026-2377
- https://bugzilla.redhat.com/show_bug.cgi?id=2439201
- https://access.redhat.com/errata/RHSA-2026:19375
- https://access.redhat.com/errata/RHSA-2026:21017
- https://access.redhat.com/errata/RHSA-2026:22629
- https://access.redhat.com/errata/RHSA-2026:22840
- https://access.redhat.com/errata/RHSA-2026:23361
- https://access.redhat.com/errata/RHSA-2026:24853
- https://access.redhat.com/security/cve/CVE-2026-2377
- https://bugzilla.redhat.com/show_bug.cgi?id=2439201
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2377.json



