Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4956

A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.

Published

2023-11-07T20:15:08.970

Last Modified

2024-11-21T08:36:20.217

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1021
Type: Primary
CWE-1021

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	quay	3.0.0	Yes

References

https://access.redhat.com/security/cve/CVE-2023-4956 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2238886 Issue Tracking ([email protected])
https://access.redhat.com/security/cve/CVE-2023-4956 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2238886 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)