Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2023-3384

Published: 24/07/2023 Updated: 07/11/2023
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0
Subscribe to Quay

Vulnerability Summary

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an malicious user to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).

Vulnerable Product Search on Vulmon Subscribe to Product

redhat quay 3.0.0

Vendor Advisories

Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

References

CWE-79https://access.redhat.com/security/cve/CVE-2023-3384https://bugzilla.redhat.com/show_bug.cgi?id=2216924https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-3384
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661open redirectCVE-2024-25512CVE-2024-33788command injectionSSTICVE-2024-0043CVE-2024-29210CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook