CVE-2026-10052

The CVE-2026-10052 entry describes a flaw in Quay config-tool where LDAP and SMTP validation endpoints can initiate outbound connections to user-supplied endpoints. With config editor access, an attacker can trigger requests from the Quay pod, enabling potential internal network reconnaissance an...

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

EUVD-2026-33260

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

EUVD-2023-54795

Malicious code in bioql PyPI...

EUVD-2023-54792

Malicious code in bioql PyPI...

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor repackages a vulnerable version of Node.js and express. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By...

CVE-2023-4956

A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerab...

Design/Logic Flaw

A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerab...

CVE-2023-4956 Quay: clickjacking on config-editor page severity

A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerab...

CVE-2023-4956

CVE-2023-4956 describes a clickjacking vulnerability in Red Hat Quay, where the config-editor page can be framed to trick an administrator into clicking UI controls, potentially reconfiguring parts of the Quay instance. Affected: Quay (config-editor). Root cause: improper framing protection enabl...

PT-2023-31258 · Quay · Quay

Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw was found in Quay, where clickjacking allows an attacker to trick a user into clicking on a button or link on another page. The config-editor page is vulnerable to clickjacking, which...

CVE-2023-4959

A flaw was found in Quay. Cross-site request forgery CSRF attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the...

CVE-2023-4959

A flaw was found in Quay. Cross-site request forgery CSRF attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the...

Cross site request forgery (csrf)

A flaw was found in Quay. Cross-site request forgery CSRF attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the...

CVE-2023-4956

A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerab...

CVE-2023-4959 Quay: cross-site request forgery (csrf) on config-editor page

A flaw was found in Quay. Cross-site request forgery CSRF attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the...

CVE-2023-4959 Quay: cross-site request forgery (csrf) on config-editor page

A flaw was found in Quay. Cross-site request forgery CSRF attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the...

Red Hat Quay Security Vulnerability

Red Hat Quay is a distributed container image repository from Red Hat, Inc. that is used to build, distribute and deploy containers. Red Hat Quay suffers from a security vulnerability that stems from the vulnerability of config-editor pages to clickjacking attacks. An attacker can exploit this...

PT-2023-31269 · Quay · Quay

Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw was found in Quay, allowing cross-site request forgery CSRF attacks to force a user to perform unwanted actions in an application. The config-editor page, used to configure the Quay...