Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Red Hat Quay 跨站请求伪造漏洞
Vulnerability Description
Red Hat Quay是美国红帽(Red Hat)公司的一款分布式容器镜像仓库,它主要用于构建、分布和部署容器。 Red Hat Quay quay-3.0.0之前的quay-2版本中存在跨站请求伪造漏洞,该漏洞源于程序没有正确刷新CSRF令牌。远程攻击者可利用该漏洞使用用户帐户访问系统。
CVSS Information
N/A
Vulnerability Type
N/A