Persistent XSS Vulnerability in Red Hat Quay Allows Impersonation and Threatens Confidentiality, Integrity, and System Availability

CVE-2020-27832 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

A flaw was found in Red Hat Quay: a persistent cross-site scripting (XSS) vulnerability is present when a repository's notification is displayed. The flaw allows an attacker to trick a user into performing a malicious action in order to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
