CVE-2019-3864: CSRF
First published: Tue Jan 21 2020(Updated: )
A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Quay | <3.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-3864?
CVE-2019-3864 is a vulnerability in all quay-2 versions before quay-3.0.0 in the Quay web GUI.
What is the severity of CVE-2019-3864?
The severity of CVE-2019-3864 is high with a severity value of 8.8.
How does CVE-2019-3864 affect software?
CVE-2019-3864 affects Redhat Quay versions before 3.0.0.
What is the CWE of CVE-2019-3864?
The CWE of CVE-2019-3864 is 352.
Is there a reference for CVE-2019-3864?
Yes, you can find more information about CVE-2019-3864 at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3864.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat quay