References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

Red Hat, Inc. CWE-1021

Red Hat, Inc. CWE-451

OR
     *cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*

NIST AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

NIST CWE-1021

https://access.redhat.com/security/cve/CVE-2023-4956 No Types Assigned

https://access.redhat.com/security/cve/CVE-2023-4956 Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2238886 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=2238886 Issue Tracking

Red Hat, Inc. AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Red Hat, Inc. CWE-451

A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.

Red Hat, Inc. https://access.redhat.com/security/cve/CVE-2023-4956 [No types assigned]

Red Hat, Inc. https://bugzilla.redhat.com/show_bug.cgi?id=2238886 [No types assigned]