CVE-2020-27832
Severity
9.0 CRITICAL
EPSS
0.4%
top 36.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 27
Latest update: May 24
Description
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.3 | Impact: 6.0
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-2xp8-j5vh-vcrw: A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification (2022-05-24)
CVEList
CVE-2020-27832: A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification (2021-05-27)