Unrated severityNVD Advisory· Published Nov 7, 2023· Updated Nov 7, 2025
Quay: clickjacking on config-editor page severity
CVE-2023-4956
Description
A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Red Hat/Red Hat Quay 3v5cpe:/a:redhat:quay:3
Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2023-4956mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.