Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Quay: clickjacking on config-editor page severity
Vulnerability Description
A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
不当限制渲染UI层或帧
Vulnerability Title
Red Hat Quay 安全漏洞
Vulnerability Description
Red Hat Quay是美国红帽(Red Hat)公司的一款分布式容器镜像仓库,它主要用于构建、分布和部署容器。 Red Hat Quay 存在安全漏洞,该漏洞源于config-editor页面容易受到点击劫持攻击。攻击者可利用该漏洞诱骗管理员用户点击config-editor页面上的按钮来重新配置Quay实例。
CVSS Information
N/A
Vulnerability Type
N/A