
4 matches found

OSV
added 2025/05/22 8:43 p.m. | 4 views

CVE-2025-48374 zot logs secrets

zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f, when using Keycloak as an OIDC provider, the clientsecret gets printed into the container stdout...

CVSS 6.9 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 4

CNNVD
added 2025/05/22 12:0 a.m. | 1 views

zot log information disclosure vulnerability

zot is an OCI image registry open-sourced by The zot Project. A log information disclosure vulnerability exists in versions prior to zot 2.1.3, which stems from a Keycloak client key being printed to the container log, potentially leading to the disclosure of sensitive information...

CVSS 6.9 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/06 2:36 a.m. | 8 views

CVE-2025-23208

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...

CVSS 7.3 | AI score 7 | EPSS 0.00107
Exploits: 1 | References: 1

OSV
added 2025/01/17 10:24 p.m. | 6 views

CVE-2025-23208 IdP group membership revocation ignored in zot

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...

CVSS 7.3 | AI score 6.6 | EPSS 0.00107
Exploits: 1 | References: 5