Medium severity · OSV Advisory · Published May 22, 2025 · Updated Apr 15, 2026
CVE-2025-48374
Description
zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when Keycloak is used as an OIDC provider, the clientsecret is printed to the container's stdout logs, for example at container startup. Version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f) fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| zotregistry.dev/zot (Go) | < 1.4.4-0.20250522160828-8a99a3ed231f | 1.4.4-0.20250522160828-8a99a3ed231f |
Affected products (3)
- Range: 0.3.0, v0.2.6, v0.2.7, …
- ghsa-coords (2 versions): < 1.4.4-0.20250522160828-8a99a3ed231f, + 1 more
- (no CPE) range: < 1.4.4-0.20250522160828-8a99a3ed231f
- (no CPE) range: < 0.0.20250527T204717-1.1