Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Quay Security Vulnerabilities - 2023

cve
cve

CVE-2023-3384

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation isnot performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to ...

5.4CVSS

5.2AI Score

0.001EPSS

2023-07-24 04:15 PM
62
cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS

8AI Score

0.813EPSS

2023-10-10 02:15 PM
3025
In Wild
cve
cve

CVE-2023-4956

A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable...

6.5CVSS

4.4AI Score

0.0005EPSS

2023-11-07 08:15 PM
52
cve
cve

CVE-2023-4959

A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victi...

6.5CVSS

6.4AI Score

0.0005EPSS

2023-09-15 10:15 AM
50