4 matches found
GHSA-44F7-5FJ5-H4PX Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Impact In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry ACR. The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure...
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...