CVE-2023-4959

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 15, 2023

Updated: Nov 7, 2023

CWE ID 201

Summary

CVE-2023-4959 is a cross-site request forgery (CSRF) vulnerability affecting Quay. An attacker can exploit this flaw by manipulating a user's browser into sending unintended requests from another domain. Particularly, the config-editor page is vulnerable, allowing an attacker to reconfigure the Quay instance, including adding users with administrative privileges. This could lead to unauthorized access, data manipulation, or even takeover of the Quay environment. System administrators are advised to patch the vulnerability promptly to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

MICHAEL KELLY

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t0Pvy4
https://www.cve.org/CVERecord?id=CVE-2023-4959
https://nvd.nist.gov/vuln/detail/CVE-2023-4959

Back to Vulnerability Database

CVE-2023-4959

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations