VYPR

Zot

by 2z Project


CVEs (4)

  • CVE-2025-48374 | Med | May 22, 2025
    risk 0.29 | cvss | epss 0.00

    zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an OIDC provider, the clientsecret gets printed into…

  • CVE-2026-31801 | Mar 10, 2026
    risk 0.00 | cvss | epss 0.00

    zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for `PUT /v2/{name}/manifests/{reference}` as `create` by default, and only…

  • CVE-2025-23208 | Jan 17, 2025
    risk 0.00 | cvss | epss 0.00

    zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list, so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships,…

  • CVE-2024-39897 | Jul 9, 2024
    risk 0.00 | cvss | epss 0.00

    zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other repositories and `dedupe` is…