25 matches found
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
CVE-2025-27403
The CVE describes a vulnerability in Ratify where Azure authentication providers could exchange an Entra ID token for an ACR refresh token without verifying that the target registry is an Azure Container Registry. This could allow EID tokens with ACR access to be exposed if a workload references ...
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
Ratify 授权问题漏洞
Ratify is an artifact approval framework CNCF sandbox from Ratify open source. An authorization issue vulnerability exists in Ratify version 1.2.3 and prior to version 1.3.2 that stems from the Azure Authentication Provider not verifying that the target registry is ACR, which could lead to misuse...