216.73.217.86

CVE-2025-48374

· Published 22/05/2025 21:15 · Modified 23/05/2025 15:54

Labels: CVE-2025-48374 2025-05-22CVE-2025-48374CWE-532[email protected]

Essential information

Published
22/05/2025 21:15
Modified
23/05/2025 15:54
Author
Creator
CVSS
5.5 MEDIUM (v3) 5.5 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup. Version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f) fixes the issue.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zot / zot cpe:2.3:a:zot:zot:<2.1.3:*:*:*:*:*:*:*
keycloak / keycloak cpe:2.3:a:keycloak:keycloak:*:*:*:*:*:*:*:*

References