{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2377", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-02-11T20:57:59.704Z", "datePublished": "2026-04-08T16:26:07.649Z", "dateUpdated": "2026-06-25T20:54:44.008Z"}, "containers": {"cna": {"title": "Mirror-registry: quay: quay: server-side request forgery via log export functionality", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Quay 3.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "quay/quay-rhel8", "defaultStatus": "affected", "versions": [{"version": "1779822261", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:quay:3.10::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3.12", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "quay/quay-rhel8", "defaultStatus": "affected", "versions": [{"version": "1779811412", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:quay:3.12::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3.14", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "quay/quay-rhel8", "defaultStatus": "affected", "versions": [{"version": "1779689392", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:quay:3.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3.15", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "quay/quay-rhel8", "defaultStatus": "affected", "versions": [{"version": "1780891395", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:quay:3.15::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "quay/quay-rhel9", "defaultStatus": "affected", "versions": [{"version": "1779204086", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:quay:3.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3.9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "quay/quay-rhel8", "defaultStatus": "affected", "versions": [{"version": "1779811473", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:quay:3.9::el8"]}, {"vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift/mirror-registry-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:mirror_registry:1"]}, {"vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift/mirror-registry-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:mirror_registry:2"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:19375", "name": "RHSA-2026:19375", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:21017", "name": "RHSA-2026:21017", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:22629", "name": "RHSA-2026:22629", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:22840", "name": "RHSA-2026:22840", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:23361", "name": "RHSA-2026:23361", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:24853", "name": "RHSA-2026:24853", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-2377", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201", "name": "RHBZ#2439201", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-08T16:18:10.324Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)", "timeline": [{"lang": "en", "time": "2026-02-11T21:02:44.495Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-08T16:18:10.324Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-25T20:54:44.008Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T18:42:52.638708Z", "id": "CVE-2026-2377", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T18:43:00.505Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2377", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T18:42:52.638708Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T18:42:56.263Z"}}], "cna": {"title": "Mirror-registry: quay: quay: server-side request forgery via log export functionality", "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:quay:3.10::el8"], "vendor": "Red Hat", "product": "Red Hat Quay 3.1", "versions": [{"status": "unaffected", "version": "1779822261", "lessThan": "*", "versionType": "rpm"}], "packageName": "quay/quay-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3.12::el8"], "vendor": "Red Hat", "product": "Red Hat Quay 3.12", "versions": [{"status": "unaffected", "version": "1779811412", "lessThan": "*", "versionType": "rpm"}], "packageName": "quay/quay-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3.14::el8"], "vendor": "Red Hat", "product": "Red Hat Quay 3.14", "versions": [{"status": "unaffected", "version": "1779689392", "lessThan": "*", "versionType": "rpm"}], "packageName": "quay/quay-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3.15::el8"], "vendor": "Red Hat", "product": "Red Hat Quay 3.15", "versions": [{"status": "unaffected", "version": "1780891395", "lessThan": "*", "versionType": "rpm"}], "packageName": "quay/quay-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3.16::el9"], "vendor": "Red Hat", "product": "Red Hat Quay 3.16", "versions": [{"status": "unaffected", "version": "1779204086", "lessThan": "*", "versionType": "rpm"}], "packageName": "quay/quay-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3.9::el8"], "vendor": "Red Hat", "product": "Red Hat Quay 3.9", "versions": [{"status": "unaffected", "version": "1779811473", "lessThan": "*", "versionType": "rpm"}], "packageName": "quay/quay-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:mirror_registry:1"], "vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift", "packageName": "openshift/mirror-registry-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:mirror_registry:2"], "vendor": "Red Hat", "product": "mirror registry for Red Hat OpenShift 2", "packageName": "openshift/mirror-registry-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-02-11T21:02:44.495Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-08T16:18:10.324Z", "value": "Made public."}], "datePublic": "2026-04-08T16:18:10.324Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:19375", "name": "RHSA-2026:19375", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:21017", "name": "RHSA-2026:21017", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:22629", "name": "RHSA-2026:22629", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:22840", "name": "RHSA-2026:22840", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:23361", "name": "RHSA-2026:23361", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:24853", "name": "RHSA-2026:24853", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-2377", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201", "name": "RHBZ#2439201", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-25T20:54:44.008Z"}, "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"}}, "cveMetadata": {"cveId": "CVE-2026-2377", "state": "PUBLISHED", "dateUpdated": "2026-06-25T20:54:44.008Z", "dateReserved": "2026-02-11T20:57:59.704Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-04-08T16:26:07.649Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": ["cpe:/a:redhat:quay:3.10::el8"], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3.1", "vendor": "Red Hat", "versions": [{"lessThan": "*", "status": "unaffected", "version": "1779822261", "versionType": "rpm"}]}, {"collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": ["cpe:/a:redhat:quay:3.12::el8"], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3.12", "vendor": "Red Hat", "versions": [{"lessThan": "*", "status": "unaffected", "version": "1779811412", "versionType": "rpm"}]}, {"collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": ["cpe:/a:redhat:quay:3.14::el8"], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3.14", "vendor": "Red Hat", "versions": [{"lessThan": "*", "status": "unaffected", "version": "1779689392", "versionType": "rpm"}]}, {"collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": ["cpe:/a:redhat:quay:3.15::el8"], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3.15", "vendor": "Red Hat", "versions": [{"lessThan": "*", "status": "unaffected", "version": "1780891395", "versionType": "rpm"}]}, {"collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": ["cpe:/a:redhat:quay:3.16::el9"], "defaultStatus": "affected", "packageName": "quay/quay-rhel9", "product": "Red Hat Quay 3.16", "vendor": "Red Hat", "versions": [{"lessThan": "*", "status": "unaffected", "version": "1779204086", "versionType": "rpm"}]}, {"collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": ["cpe:/a:redhat:quay:3.9::el8"], "defaultStatus": "affected", "packageName": "quay/quay-rhel8", "product": "Red Hat Quay 3.9", "vendor": "Red Hat", "versions": [{"lessThan": "*", "status": "unaffected", "version": "1779811473", "versionType": "rpm"}]}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/a:redhat:mirror_registry:1"], "defaultStatus": "affected", "packageName": "openshift/mirror-registry-rhel8", "product": "mirror registry for Red Hat OpenShift", "vendor": "Red Hat"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/a:redhat:mirror_registry:2"], "defaultStatus": "affected", "packageName": "openshift/mirror-registry-rhel8", "product": "mirror registry for Red Hat OpenShift 2", "vendor": "Red Hat"}], "source": "secalert@redhat.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:-:*:*:*:*:*:*:*", "matchCriteriaId": "63757310-FC5B-44E6-9211-36269827BC56", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "281E6AA4-1E08-488F-BA7A-F0BE7CF42A5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems."}], "id": "CVE-2026-2377", "lastModified": "2026-06-17T10:30:52.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-2377", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-04-08T18:42:52.638708Z", "version": "2.0.3"}}]}, "published": "2026-04-08T17:21:16.237", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:19375"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:21017"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:22629"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:22840"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:23361"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:24853"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2026-2377"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality", "id": "2439201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-918", "details": ["A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems."], "name": "CVE-2026-2377", "package_state": [{"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Fix deferred", "impact": "moderate", "package_name": "openshift/mirror-registry-rhel8", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:mirror_registry:2", "fix_state": "Fix deferred", "impact": "moderate", "package_name": "openshift/mirror-registry-rhel8", "product_name": "mirror registry for Red Hat OpenShift 2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}], "public_date": "2026-04-08T16:18:10Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2377\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2377"], "statement": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "mirror registry for Red Hat OpenShift", "source": "cna", "vendor": "Red Hat"}, "product": "mirror_registry", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Quay 3", "source": "cna", "vendor": "Red Hat"}, "product": "quay", "vendor": "redhat"}], "created": "2026-04-08T19:39:06.861077+00:00", "updated": "2026-06-25T23:00:14.374576+00:00", "vendors": ["redhat", "redhat$PRODUCT$mirror_registry", "redhat$PRODUCT$quay"]}