CVE-2023-4959

Name of the Vulnerable Software and Affected Versions Quay (affected versions not specified)

Description A flaw was found in Quay, allowing cross-site request forgery (CSRF) attacks to force a user to perform unwanted actions in an application. The config-editor page, used to configure the Quay instance, is vulnerable to CSRF. By coercing the victim's browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance, including adding users with admin privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.