Quay@* Security Vulnerabilities and Issues — Quay@* CVE List

Lucene search

RedhatQuay*

3 matches found

CVE•added 2021/05/27 12:15 a.m.•83 views

CVE-2020-27831

A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.

4.3CVSS4.4AI score0.00127EPSS

CVE•added 2021/05/27 2:15 p.m.•75 views

CVE-2020-27832

A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerabilit...

9CVSS8.2AI score0.00447EPSS

CVE•added 2021/03/18 7:15 p.m.•57 views

CVE-2019-3867

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.

4.4CVSS4.6AI score0.00108EPSS