Description

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup. Version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f) fixes the issue.

INFO

Published Date :

2025-05-22T20:43:13.708Z

Last Modified :

2025-05-23T14:33:24.239Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48374 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48374.

URL Resource
https://github.com/project-zot/zot/commit/8a99a3ed231fdcd8467e986182b4705342b6a15e cve-icon cve-icon
https://github.com/project-zot/zot/security/advisories/GHSA-c37v-3c8w-crq8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability