CVE-2025-48374

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-48374

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48374.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48374

Aliases

Downstream

openSUSE-SU-2025:15179-1

Related

openSUSE-SU-2025:15179-1

Published

2025-05-22T20:43:13.708Z

Modified

2026-04-02T12:50:11.224882Z

Severity

5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

zot logs secrets

Details

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup. Version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f) fixes the issue.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48374.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-532"
    ]
}

References

Affected packages

Git / github.com/project-zot/zot

Affected ranges

Type: GIT
Repo: https://github.com/project-zot/zot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8a99a3ed231fdcd8467e986182b4705342b6a15e

Affected versions

0.*

0.3.0

v0.*

v0.2.6

v0.2.7

v0.2.8

v0.2.9

v0.3.0

v0.3.1

v0.3.10

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.13

v1.1.14

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.8-rc2

v1.3.8-rc3

v1.3.9

v1.4.0

v1.4.0-rc1

v1.4.0-rc2

v1.4.0-rc3

v1.4.0-rc4

v1.4.1

v1.4.1-rc1

v1.4.1-rc2

v1.4.1-rc3

v1.4.1-rc4

v1.4.1-rc5

v1.4.1-rc6

v1.4.2

v1.4.2-rc1

v1.4.2-rc2

v1.4.2-rc3

v1.4.2-rc4

v1.4.2-rc5

v1.4.2-rc6

v1.4.3

v1.4.3-rc1

v1.4.3-rc2

v1.4.3-rc3

v1.4.3-rc4

v1.4.3-rc5

v1.4.3-rc6

v1.4.3-rc7

v1.4.3-rc8

v1.4.3-rc9

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.0-rc5

v2.0.0-rc6

v2.0.0-rc7

v2.0.0-rc8

v2.0.1

v2.0.1-rc1

v2.0.1-rc2

v2.0.2

v2.0.2-rc1

v2.0.2-rc2

v2.0.2-rc3

v2.0.3

v2.0.4

v2.1.0

v2.1.0-rc1

v2.1.0-rc2

v2.1.1

v2.1.2

v2.1.2-rc1

v2.1.2-rc2

v2.1.2-rc3

v2.1.2-rc4

v2.1.2-rc5

v2.1.3-rc1

v2.1.3-rc2

v2.1.3-rc3

v2.1.3-rc4

v2.1.3-rc5

v2.1.3-rc6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48374.json"