← back
CVE-2019-3865

CVE-2019-3865

CVSS 4.7 MEDIUMEPSS 0.7%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Jun 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name.
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
[UNKNOWN] · quay

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3865