CVE-2019-3865

MEDIUM

Red Hat Quay - Stored Cross-Site Scripting in Service Key Name Field


Description

A stored XSS vulnerability was found in the super user function of quay-2. Attackers can use the name field of a service key to inject scripts, which run when admin users try to change the name.

References (1)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3865

Scores

CVSS v3 6.1
EPSS 0.0034
EPSS Percentile 57.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
redhat/quay 2.0.0
Published Jun 22, 2020
Tracked Since Feb 18, 2026