cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"A vulnerability exists in the serialize-javascript module due to inadequate sanitization of inputs, particularly JavaScript object types and regex expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. This poses significant risks in scenarios where the serialized outputs are shared with web clients, rendering the web applications reliant on this package susceptible to XSS attacks.",Red Hat,"Red Hat Advanced Cluster Security 4.4,Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2024-9683,https://securityvulnerability.io/vulnerability/CVE-2024-9683,Truncated Passwords Can Still Pose a Risk to Password Security,"A vulnerability has been identified in Quay that allows successful user authentication even when only a truncated version of a password is used. This issue undermines the security integrity of password enforcement mechanisms, leading to potential weaknesses in the authentication process. While the standard length for passwords utilized typically reaches 73 characters, this vulnerability exploits the truncation, rendering it easier for attackers to perform brute-force or password-guessing attacks. Consequently, the overall effectiveness of password policies may be compromised, leaving systems at an increased risk of unauthorized access in the long run.",Red Hat,Red Hat Quay 3,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-17T14:08:57.482Z,0
CVE-2024-9676,https://securityvulnerability.io/vulnerability/CVE-2024-9676,Podman Vulnerable to Symlink Traversal Attack,"A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.",Red Hat,",Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Openshift Developer Tools And Services,Red Hat Openshift Container Platform 4,Red Hat Quay 3",6.5,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2024-10-15T15:27:33.665Z,0
CVE-2024-5891,https://securityvulnerability.io/vulnerability/CVE-2024-5891,Quay: unauthorized user may authenticate via oauth application token,"A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to.",Red Hat,Red Hat Quay 3,4.2,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-12T14:15:00.000Z,0
CVE-2023-4956,https://securityvulnerability.io/vulnerability/CVE-2023-4956,Quay: clickjacking on config-editor page severity,"A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.",Red Hat,"quay,Red Hat Quay 3",4.3,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-11-07T20:15:00.000Z,0
CVE-2023-4959,https://securityvulnerability.io/vulnerability/CVE-2023-4959,Cross-site request forgery (csrf) on config-editor page,"A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).",Red Hat,"quay,Red Hat Quay 3",6.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-09-15T10:15:00.000Z,0
CVE-2023-3384,https://securityvulnerability.io/vulnerability/CVE-2023-3384,Quay: stored cross site scripting,"A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).",Red Hat,Red Hat Quay 3,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-07-24T16:15:00.000Z,0