Red Hat Quay Authentication Bypass Vulnerability Allowing Privileged Actions

Vulnerability

An authentication bypass vulnerability has been identified in Red Hat Quay versions 3.9 through 3.17. This flaw allows users with timed-out sessions, or attackers with access to idle authenticated browser sessions, to bypass re-authentication prompts for sensitive operations such as token generation and robot account creation. Although the user interface indicates an error for invalid credentials, the operations are still executed in the background, enabling unauthorized access to privileged functions.

Impact

Exploiting this vulnerability allows for unauthorized execution of sensitive operations, such as generating tokens or creating robot accounts, without valid credentials. This could lead to unauthorized access or actions being performed on behalf of the user.

Reproduction

The vulnerability can be reproduced by initiating a sensitive operation that requires re-authentication, such as creating a robot account or generating a token, after the session has timed out. The re-authentication prompt can be ignored, and the operation will still be completed successfully, despite the user interface displaying an error for invalid credentials.
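The failure mode described above, a privileged action that runs before the server has validated the re-authentication credential, is shown here as an added example beside the hardened form. This is hypothetical code written for this page, not Red Hat Quay's implementation; the session model, the timeout value and the credential store are assumptions.

```python
"""Added illustration: a sensitive operation (robot account creation) whose
re-authentication check gates only the UI message, beside a fixed version
where nothing happens until the fresh credential is verified server-side.
Hypothetical code, not Red Hat Quay's own."""
from dataclasses import dataclass, field
from hmac import compare_digest

SESSION_TIMEOUT = 900.0  # seconds before a session must re-authenticate (assumed)
USERS = {"alice": "correct-horse"}  # constructed credential store, plaintext for brevity


@dataclass
class Session:
    user: str
    last_auth: float                 # time of the last successful credential check
    robots: list = field(default_factory=list)  # robot accounts owned by the session


def _password_ok(user: str, password) -> bool:
    expected = USERS.get(user)
    return password is not None and expected is not None and compare_digest(expected, password)


def create_robot_vulnerable(session: Session, robot_name: str, password, now: float) -> dict:
    """Buggy pattern: the side effect happens first; the credential check only
    decides what the UI reports. A wrong password shows an error, yet the
    robot account already exists."""
    session.robots.append(robot_name)            # executed before any check
    stale = now - session.last_auth > SESSION_TIMEOUT
    if stale and not _password_ok(session.user, password):
        return {"ok": False, "error": "invalid credentials"}
    return {"ok": True, "robot": robot_name}


def create_robot_fixed(session: Session, robot_name: str, password, now: float) -> dict:
    """Hardened pattern: a timed-out session must present a valid fresh
    credential, and the privileged action is performed only after that
    check passes; the error path has no side effects."""
    stale = now - session.last_auth > SESSION_TIMEOUT
    if stale:
        if not _password_ok(session.user, password):
            return {"ok": False, "error": "re-authentication required"}
        session.last_auth = now                  # record the fresh authentication
    session.robots.append(robot_name)            # only reached after the gate
    return {"ok": True, "robot": robot_name}
```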

Added: Apr 22, 2026, 11:13 AM
Updated: Apr 22, 2026, 11:13 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 6.5
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.