CVE-2019-3864

Name of the Vulnerable Software and Affected Versions Quay versions prior to 3.0.0

Description A security issue was found in the Quay web GUI, where the CSRF token, used in POST requests, is not refreshed after each request or when a user logs out and back in. This allows an attacker to potentially use a leaked token to access the system using the user's account.

Recommendations For Quay versions prior to 3.0.0, consider updating to version 3.0.0 or later to resolve the issue. As a temporary workaround, restrict access to sensitive operations that rely on the CSRF token to minimize the risk of exploitation.