THREATINT
PUBLISHED

CVE-2025-48374

zot logs secrets



Description

zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an OIDC provider, the clientsecret gets printed into the container stdout logs, for example at container startup. Version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f) fixes the issue.

Reserved 2025-05-19 | Published 2025-05-22 | Updated 2025-05-23 | Assigner GitHub_M


MEDIUM: 5.5 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Problem types

CWE-532: Insertion of Sensitive Information into Log File

Product status

< 1.4.4-0.20250522160828-8a99a3ed231f
affected

References

github.com/...ot/zot/security/advisories/GHSA-c37v-3c8w-crq8

github.com/...ommit/8a99a3ed231fdcd8467e986182b4705342b6a15e

cve.org (CVE-2025-48374)

nvd.nist.gov (CVE-2025-48374)
