VYPR
Unrated severityNVD Advisory· Published Nov 7, 2023· Updated Nov 7, 2025

Quay: clickjacking on config-editor page severity

CVE-2023-4956

Description

A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Red Hat/Red Hat Quay 3v5
    cpe:/a:redhat:quay:3
  • Red Hat/Quayllm-fuzzy

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.