Auth bypass in Distribution
CVE-2025-24976
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.003 (24.4th percentile)
Affected products
- Distribution — versions >= 3.0.0-beta.1, <= 3.0.0-rc.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)