GO-2024-2979 Cache driver GetBlob() allows read access to any blob without access control check in zotregistry.dev/zot

Cache driver GetBlob allows read access to any blob without access control check in zotregistry.dev/zot. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check

zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...

CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check

zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...

PT-2024-28715 · Zot · Zot

Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.0 Description: The cache driver GetBlob in zot, an OCI image registry, allows read access to any blob without an access control check. If a Zot accessControl policy allows users read access to some repositories but...