SUSE CVE-2025-27403

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

CVE-2025-27403

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

GHSA-44F7-5FJ5-H4PX Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries

Impact In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry ACR. The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure...

CVE-2025-27403

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

Container Registry Credential Leak

Trivy is vulnerable to Container Registry Credential Leak. The vulnerability is due to insufficient registry domain validation which results in container registry credential leakage. An attacker must convince a user intro scanning a malicious container, which then allows an attacker to push/pull...

SUSE CVE-2024-35192

Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Contain...

CVE-2024-35192 Trivy possibly leaks registry credential when scanning images from malicious registries

Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Contain...

CVE-2024-35192 Trivy possibly leaks registry credential when scanning images from malicious registries

Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Contain...

CVE-2024-35192 Trivy possibly leaks registry credential when scanning images from malicious registries

Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Contain...

GHSA-XCQ4-M2R3-CMRJ Trivy possibly leaks registry credential when scanning images from malicious registries

Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...

Trivy possibly leaks registry credential when scanning images from malicious registries

Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...

Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting XSS attacks. "The vulnerabilities allowed unauthorized access to the victim's session within the compromised Azure...

org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-app-service (>=0.1 <=0.4.2) +8 more potentially affected by CVE-2023-25768 via org.jenkins-ci.plugins:azure-credentials (>=1.0 <=1.6.1)

org.jenkins-ci.plugins:azure-credentials MAVEN version =1.0, =0.1.0, =0.1, =0.3.0, =0.6.0, =3.0.0, =0.1.0, =1.0.0, =0.4.8, =0.1.0, =1.3, =1.5 Source cves: CVE-2023-25768 Source advisory: OSV:GHSA-PX2R-CMR2-PHW7...