Back to bug 2216924
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-06-23 09:29:57 UTC | Alias | CVE-2023-3384 | |
| Summary | quay: stored cross site scripting | CVE-2023-3384 quay: stored cross site scripting | ||
| RaTasha Tillery-Smith | 2023-06-23 13:15:16 UTC | Doc Text | A flaw was found in the quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry, containing a script that can be executed via XSS. | A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS). |
| Red Hat Bugzilla | 2023-07-07 08:29:06 UTC | Assignee | security-response-team | nobody |
Back to bug 2216924