Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2019-3867

Related Vulnerabilities: CVE-2019-3867  

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository.

Source

Description

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository.

Mitigation

Toggle 'FEATURE_PERMANENT_SESSIONS' to 'False' in quay.conf.

Additional Information

  • Bugzilla 1772704: CVE-2019-3867 quay: insufficient session expiration
  • CWE-613: Insufficient Session Expiration
  • FAQ: Frequently asked questions about CVE-2019-3867

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started