Unrated severityNVD Advisory· Published Sep 15, 2023· Updated Nov 7, 2025
Quay: cross-site request forgery (csrf) on config-editor page
CVE-2023-4959
Description
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Red Hat/Red Hat Quay 3v5cpe:/a:redhat:quay:3
Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2023-4959mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.