CVE-2023-3384

Name of the Vulnerable Software and Affected Versions Quay registry (affected versions not specified)

Description A flaw was found in the Quay registry where image labels created through Quay undergo validation in the UI and backend using a regex, but the same validation is not performed when the label comes from an image. This allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.