PT-2023-31258 · Quay · Quay

Avinash Hanwate +1 · Published 2023-09-18 · Updated 2023-12-13 · CVE-2023-4956

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Quay (affected versions not specified)

Description

A flaw was found in Quay, where clickjacking allows an attacker to trick a user into clicking on a button or link on another page. The config-editor page is vulnerable to clickjacking, which could allow an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance. Clickjacking is a technique used by attackers to trick users into clicking on something different from what they intend, by using multiple transparent or opaque layers.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
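
A defender-side check for the condition described above, as an added example (not Quay's code and not part of the advisory): it decides from a page's response headers whether a browser would refuse to render it inside a cross-origin frame. The function names, sample responses and their labels are constructed for illustration; the advisory does not list header values.

```javascript
// Decide whether response headers prevent cross-origin framing (clickjacking defence).
// Uses the standard Content-Security-Policy and X-Frame-Options headers.
function framingProtection(headers) {
  // HTTP header names are case-insensitive.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Only the enforcing CSP header counts; the Report-Only variant never blocks.
  let sawFrameAncestors = false;
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    const fa = policy.split(';').map((d) => d.trim().split(/\s+/))
      .find((d) => d[0].toLowerCase() === 'frame-ancestors');
    if (!fa) continue;
    sawFrameAncestors = true;
    const sources = fa.slice(1).map((s) => s.toLowerCase());
    // '*' or a bare scheme such as 'https:' lets any site on that scheme frame the page.
    const open = sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s));
    // 'none', 'self', explicit hosts, or an empty list all restrict framing.
    if (!open) return { protected: true, via: 'csp frame-ancestors' };
  }
  // Browsers ignore X-Frame-Options once an enforced frame-ancestors is present.
  if (sawFrameAncestors) return { protected: false, via: 'csp frame-ancestors' };

  // ALLOW-FROM is obsolete and ignored by current browsers, so it is not accepted here.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { protected: true, via: 'x-frame-options' };
  }
  return { protected: false, via: null };
}

// Return the labels of responses that can still be framed by another origin.
function frameable(responses) {
  return responses.filter((r) => !framingProtection(r.headers).protected)
    .map((r) => r.label);
}

// Constructed sample responses (not captured from a real Quay instance).
const SAMPLES = [
  { label: 'no-headers', headers: { 'Content-Type': 'text/html' } },
  { label: 'csp-none', headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" } },
  { label: 'xfo-sameorigin', headers: { 'x-frame-options': 'sameorigin' } },
  { label: 'xfo-allow-from', headers: { 'X-Frame-Options': 'ALLOW-FROM https://portal.example' } },
  { label: 'csp-wildcard-plus-xfo', headers: { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' } },
  { label: 'report-only', headers: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" } },
];

console.log(frameable(SAMPLES));
```

Run it against the headers actually returned for the administrative pages of a deployment; any label it reports is a page a reverse proxy or the application should serve with `frame-ancestors 'none'` or `X-Frame-Options: DENY`.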

Clickjacking

Weakness Enumeration

Related Identifiers

CVE-2023-4956

Affected Products

Quay