CVE-2026-10078 – Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring

CVE ID :CVE-2026-10078

Published : May 29, 2026, 9:30 a.m. | 1 hour, 1 minute ago

Description :A flaw was found in the Quay config-tool’s GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to the disclosure of these credentials in various system logs, such as server access logs, reverse proxy logs, and other monitoring systems. An attacker with access to these logs could potentially obtain these credentials, leading to unauthorized information disclosure.

Severity: 2.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-49325 – Indian Scout Bobber 2025 WCM voltage-based shutdown

CVE-2026-49318 – Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

CVE-2026-49317 – Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

CVE-2026-49316 – Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown