CVE Details
Basic Information
| Title |
CVE-2025-48374 |
| Type |
cve |
| Published |
2025-05-22T21:15:37 |
| Last Seen |
2025-05-22T21:23:09 |
CVSS Information
| Base Score |
0.0 () |
| Attack Vector |
|
| Attack Complexity |
|
| Privileges Required |
|
| User Interaction |
|
| Scope |
|
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
zot logs the client secret in stdout when using Keycloak as an OIDC provider, posing a security risk. This issue is resolved in version 2.1.3. |
| AI Severity |
Medium |
| Vendor |
zot Community |
| Product |
zot |
| Affected Version |
All versions prior to 2.1.3 |
Additional Information
| CVE List |
CVE-2025-48374 |
| CWE List |
CWE-532 |
| Bulletin Family |
cve |
Description
zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup. Version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f) fixes the issue.
CVSS Score Summary
Base Score: %!f(string=#) ()
View Full CVE Details
