CVE-2019-3867

CWE-613 โ€” Insufficient Session Expiration6 documents5 sources
Severity
4.1MEDIUM
EPSS
0.1%
top 70.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Quay
Timeline
PublishedMar 18
Latest updateMay 24

Description

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 0.7 | Impact: 3.4

Affected Packages2 packages

โ–ถCVEListV5quayAs shipped in Red Hat Quay 2 and 3.
โ–ถNVDredhat/quay2.0.0, 3.0.0+1

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-pf92-7x8p-6x5m: A vulnerability was found in the Quay web applicationโ†—2022-05-24
โ–ถ
CVEList
CVE-2019-3867: A vulnerability was found in the Quay web applicationโ†—2021-03-18
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
quay: insufficient session expirationโ†—2021-03-17
โ–ถ

๐Ÿ’ฌCommunity

2
Bugzilla
CVE-2019-3867 quay: insufficient session expirationโ†—2019-11-14
โ–ถ
Bugzilla
CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissionsโ†—2018-10-18
โ–ถ