Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Quay: cross-site request forgery (csrf) on config-editor page
Vulnerability Description
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Red Hat Quay 跨站请求伪造漏洞
Vulnerability Description
Red Hat Quay是美国红帽(Red Hat)公司的一款分布式容器镜像仓库,它主要用于构建、分布和部署容器。 Red Hat Quay 存在安全漏洞,该漏洞源于通过使用社会工程等技术,或域本身或其他域中的现有漏洞,攻击者利用该漏洞可以在用户的上下文中静默执行操作。
CVSS Information
N/A
Vulnerability Type
N/A