A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-07T19:12:00.777Z

Updated: 2024-11-13T23:04:24.838Z

Reserved: 2023-09-14T04:52:43.812Z

Link: CVE-2023-4956

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-07T20:15:08.970

Modified: 2024-11-21T08:36:20.217

Link: CVE-2023-4956

cve-icon Redhat

Severity : Low

Publid Date: 2023-09-15T00:00:00Z

Links: CVE-2023-4956 - Bugzilla