CVE-2026-46389

CVE-2026-46389 affects UDS Identity Config (Keycloak integration) used by UDS Core Identity. A logic error in the Keycloak client authenticator named client-kubernetes-secret (shipped by uds-identity-config) in versions 0.11.0–0.26.0 overwrites the submitted client_secret with the mounted Kuberne...

PT-2025-22564 · Red Hat +1 · Keycloak +1

Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.3 Description: The issue concerns the exposure of the Keycloak client secret in the container stdout logs at startup when using Keycloak as an OIDC provider. This occurs due to a flaw in handling sensitive informatio...