By weakness (CWE)

CWE-598: related vulnerabilities

CVEs classified under CWE-598. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-10078LOW 2.7

    Quay's config-tool contains a flaw in how it handles GitLab OAuth setup. When administrators configure GitLab as an identity provider, sensitive credentials (client ID and secret) are passed in plaintext within the URL query string of POST requests. This is problematic because these credentials can be logged by web servers, reverse proxies, load balancers, and monitoring systems—anywhere that records HTTP request details. An attacker who gains access to these logs could extract the credentials and impersonate Quay's OAuth client to GitLab, potentially gaining unauthorized access to repositories or other GitLab resources.