data/reports/GO-2025-3511.yaml - vulndb - Git at Google

 id: GO-2025-3511
 modules:
     - module: github.com/deislabs/ratify
       versions:
         - fixed: 1.2.3
       vulnerable_at: 1.2.2
     - module: github.com/ratify-project/ratify
       versions:
         - introduced: 1.3.0
         - fixed: 1.3.2
       vulnerable_at: 1.3.1
 summary: |-
     Ratify Azure authentication providers can leak authentication tokens to
     non-Azure container registries in github.com/deislabs/ratify
 cves:
     - CVE-2025-27403
 ghsas:
     - GHSA-44f7-5fj5-h4px
 references:
     - advisory: https://github.com/ratify-project/ratify/security/advisories/GHSA-44f7-5fj5-h4px
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-27403
     - fix: https://github.com/ratify-project/ratify/commit/0ec0c08490e3d672ae64b1a220c90d5484f1c93f
     - fix: https://github.com/ratify-project/ratify/commit/84c7c48fa76bb9a1c9583635d1e90bc25b1a546c
 source:
     id: GHSA-44f7-5fj5-h4px
     created: 2025-03-12T13:11:49.376505-04:00
 review_status: UNREVIEWED
	id: GO-2025-3511
	modules:
	- module: github.com/deislabs/ratify
	versions:
	- fixed: 1.2.3
	vulnerable_at: 1.2.2
	- module: github.com/ratify-project/ratify
	versions:
	- introduced: 1.3.0
	- fixed: 1.3.2
	vulnerable_at: 1.3.1
	summary: \|-
	Ratify Azure authentication providers can leak authentication tokens to
	non-Azure container registries in github.com/deislabs/ratify
	cves:
	- CVE-2025-27403
	ghsas:
	- GHSA-44f7-5fj5-h4px
	references:
	- advisory: https://github.com/ratify-project/ratify/security/advisories/GHSA-44f7-5fj5-h4px
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-27403
	- fix: https://github.com/ratify-project/ratify/commit/0ec0c08490e3d672ae64b1a220c90d5484f1c93f
	- fix: https://github.com/ratify-project/ratify/commit/84c7c48fa76bb9a1c9583635d1e90bc25b1a546c
	source:
	id: GHSA-44f7-5fj5-h4px
	created: 2025-03-12T13:11:49.376505-04:00
	review_status: UNREVIEWED