CVE-2026-31801
- EPSS 0.04%
- Published 10.03.2026 20:54:15
- Last modified 18.03.2026 19:30:20
zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/{name}/manifests/{reference} as create...
CVE-2025-23208
- EPSS 0.11%
- Published 17.01.2025 23:15:13
- Last modified 04.03.2025 14:45:17
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list, so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of repl...
CVE-2024-39897
- EPSS 0.36%
- Published 09.07.2024 19:15:12
- Last modified 23.04.2025 17:30:11
zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other r...