GHSA-c37v-3c8w-crq8: zot logs secrets

May 22, 2025

When using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup.

References

github.com/advisories/GHSA-c37v-3c8w-crq8
github.com/project-zot/zot
github.com/project-zot/zot/commit/8a99a3ed231fdcd8467e986182b4705342b6a15e
github.com/project-zot/zot/security/advisories/GHSA-c37v-3c8w-crq8

Code Behaviors & Features

Detect and mitigate GHSA-c37v-3c8w-crq8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →