CVE-2019-3865 MEDIUM

CVE-2019-3865

Vendor [Unknown]
Product quay
Weakness CWE-79 · XSS
Published June 22, 2020
Last update August 4, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name.

Key dates

02Disclosure timeline

June 22, 2020 CVE published
August 4, 2024 Record updated