Lucene search
+L

6 matches found

NVD
NVD
added 2025/01/17 11:15 p.m.31 views

CVE-2025-23208

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...

7.3CVSS0.00394EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/01/17 10:24 p.m.19 views

CVE-2025-23208 IdP group membership revocation ignored in zot

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...

7.3CVSS0.00394EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/01/17 10:24 p.m.21 views

CVE-2025-23208 IdP group membership revocation ignored in zot

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...

7.3CVSS7.1AI score0.00394EPSS
Exploits1References3
CVE
CVE
added 2025/01/17 10:24 p.m.339 views

CVE-2025-23208

The CVE-2025-23208 issue affects Zot, an OCI image registry. Root cause: SetUserGroups on login appends new groups instead of replacing existing memberships, stored in boltdb (meta.db), so group revocations/removals from IdPs are ignored. Impact: any configuration using group-based authorization ...

7.3CVSS7.1AI score0.00394EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/01/17 10:24 p.m.9 views

CVE-2025-23208 IdP group membership revocation ignored in zot

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...

7.3CVSS6.6AI score0.00394EPSS
Exploits1References5
Circl
Circl
added 2025/01/17 9:57 p.m.9 views

CVE-2025-23208

creationtimestamp| type| source ---|---|--- 2025-01-17 21:57:02+00:00| published-proof-of-concept| https://github.com/project-zot/zot/security/advisories/GHSA-c9p4-xwr9-rfhx 2025-01-17 22:25:32+00:00| seen| https://infosec.exchange/users/cve/statuses/113846041447410284 2025-01-17 22:57:00+00:00|...

7.3CVSS7AI score0.00394EPSS
Exploits1References5
Rows per page
Query Builder