7 matches found
EUVD-2025-0111
Malicious code in bioql PyPI...
CVE-2025-23208
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...
CVE-2025-23208 IdP group membership revocation ignored in zot
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...
CVE-2024-39897
zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...
CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check
zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...
CVE-2024-39897
CVE-2024-39897 affects Zot’s registry code (zot) prior to 2.1.0. The cache driver GetBlob() can read any blob without an access check, enabling an attacker who knows an image name and a blob digest (to which they have no read access) to read that blob via another repository that the attacker can ...
CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check
zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...