Lucene search
K

25 matches found

Vulnrichment
Vulnrichment
added 2025/03/11 2:16 p.m.7 views

CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

7.2CVSS6.6AI score0.00445EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/11 2:16 p.m.20 views

CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

7.2CVSS0.00445EPSS
Exploits0References3
CVE
CVE
added 2025/03/11 2:16 p.m.57 views

CVE-2025-27403

The CVE describes a vulnerability in Ratify where Azure authentication providers could exchange an Entra ID token for an ACR refresh token without verifying that the target registry is an Azure Container Registry. This could allow EID tokens with ACR access to be exposed if a workload references ...

7.2CVSS6.6AI score0.00445EPSS
Exploits0References3
OSV
OSV
added 2025/03/11 2:16 p.m.14 views

CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

7.2CVSS6.5AI score0.00445EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.4 views

Ratify 授权问题漏洞

Ratify is an artifact approval framework CNCF sandbox from Ratify open source. An authorization issue vulnerability exists in Ratify version 1.2.3 and prior to version 1.3.2 that stems from the Azure Authentication Provider not verifying that the target registry is ACR, which could lead to misuse...

7.2CVSS6.4AI score0.00445EPSS
Exploits0References5
Rows per page
Query Builder