What is GHSA-698x-9w2p-7vvp?

GHSA-698x-9w2p-7vvp is a security advisory published by GitHub Security Advisories with Medium severity. A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker...

Which CVE IDs does GHSA-698x-9w2p-7vvp cover?

GHSA-698x-9w2p-7vvp covers the following CVE IDs: CVE-2026-10517. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-698x-9w2p-7vvp?

GHSA-698x-9w2p-7vvp has a CVSS v3 base score of 5.8, published by GitHub Security Advisories.

GHSA-698x-9w2p-7vvpMediumCVSS 5.8

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker...

Vendor

GitHub Security Advisories

Published

June 1, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-10517 →

📋 Description

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by default), an unauthenticated attacker can submit a manifest with a URI pointing to internal services or cloud metadata endpoints. The SSRF is reflective for non-200 responses, leaking up to 256 bytes of error body content via CheckResponse error messages. Operator-managed Red Hat Quay deployments auto-configure PSK and are not exposed to the unauthenticated attack vector.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-10517
https://access.redhat.com/security/cve/CVE-2026-10517
https://github.com/advisories/GHSA-698x-9w2p-7vvp