CVE-2019-3865 is a vulnerability in Red Hat Quay
Published on June 22, 2020
A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2019-3865 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2019-3865
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-3865 are published in Red Hat Quay:
Affected Versions
[UNKNOWN] quay Version quay 2 is affected by CVE-2019-3865Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.