A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-11-07T19:12:00.777Z
Updated: 2024-11-13T23:04:24.838Z
Reserved: 2023-09-14T04:52:43.812Z
Link: CVE-2023-4956
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-07T20:15:08.970
Modified: 2024-11-21T08:36:20.217
Link: CVE-2023-4956
Redhat