github.com/distribution/distribution is vulnerable to Signature Bypass. The vulnerability is due to improper JSON Web Key (JWK) verification, allowing an attacker to forge a malicious JWT and bypass.. ...
Continue Reading
February 17, 2025
A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the auth ...
Continue Reading
February 17, 2025
A flaw was found in Distribution. Certain versions with token authentication enabled may be vulnerable to an issue where token authentication allows an attacker to inject an untrusted signing key in a ...
Continue Reading
February 15, 2025
This update fixes the following issues: golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649): Security issues fixed: CVE-2024-51744: Updated golang-jwt to ve ...
Continue Reading
February 15, 2025
This update fixes the following issues: golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649): Security issues fixed: CVE-2024-51744: Updated golang-jwt to ve ...
Continue Reading
February 15, 2025
golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649): Security issues fixed: CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling ...
Continue Reading
February 15, 2025
golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649): Security issues fixed: CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling ...
Continue Reading
February 15, 2025
github.com/distribution/distribution/v3 is vulnerable to Improper Authentication. The vulnerability is due to Improper Authentication due to inadequate verification of JSON Web Keys (JWK) in JSON Web ...
Continue Reading
February 14, 2025
Back to Main
