Unrated severity · NVD Advisory · Published Sep 15, 2023 · Updated Nov 7, 2025

Quay: cross-site request forgery (csrf) on config-editor page

CVE-2023-4959

Description

A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).

Affected products (2)

  • Red Hat/Red Hat Quay 3 · v5
    cpe:/a:redhat:quay:3
  • Red Hat/Quay · llm-fuzzy
