A flaw was found in Quay, where Quays database is stored in plain text in mirror-registry on Jinjas config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quays Redis instance.
The product stores a password in plaintext within resources such as memory or files.