Red Hat Quay and OpenShift Mirror Registry Server-Side Request Forgery Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Red Hat Quay versions 3 (both RHEL 8 and RHEL 9) and in the OpenShift Mirror Registry component 'openshift/mirror-registry-rhel8'. This vulnerability allows authenticated users to exploit the log export feature by providing a specially crafted URL. The application's backend then makes arbitrary requests to internal network resources, potentially leading to unauthorized access to sensitive information or other internal systems.

Impact

Exploitation of this vulnerability could allow authenticated users to access internal network resources, bypassing normal access controls. This could result in unauthorized access to sensitive information or internal systems.

Reproduction

To reproduce this vulnerability, an authenticated user can use the log export feature to send a crafted URL to the application's backend. The backend will process this URL and make a request to the specified address, following any redirects and preserving the original HTTP method and request body. This behavior can be used to access internal network resources or sensitive information.