Unrated severityNVD Advisory· Published Jul 24, 2023· Updated Nov 7, 2025
Quay: stored cross site scripting
CVE-2023-3384
Description
A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Red Hat/Red Hat Quay 3v5cpe:/a:redhat:quay:3
Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2023-3384mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.