5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.2 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.1%
A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is
not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).
CPE | Name | Operator | Version |
---|---|---|---|
redhat:quay | redhat quay | eq | 3.0.0 |
[
{
"vendor": "Red Hat",
"product": "Red Hat Quay 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "quay/quay-rhel8",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:quay:3"
]
}
]
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.2 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.1%