VDB
CVE-2025-24884
CVE-2025-24884
PUBLISHED
CVSS 5.099999904632568 MEDIUM
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.
EPSS 0.05% · 15.8th percentile
Risk Scores
CVSS v4.0
5.099999904632568
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.05%
15.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RichardoC | kube-audit-rest | < 1.0.16, < 1.0.16 |
| github.com | RichardoC/kube-audit-rest | 0, 0 |
Timeline
- Jan 21, 1970 Security Advisory
- Jan 29, 2025 CVE Published
- Jan 29, 2025 PoC Published
- Jan 29, 2025 PoC Published
- Jan 30, 2025 EPSS Score
- Jan 30, 2025 PoC Published
- Feb 14, 2025 EPSS Score
- Feb 14, 2025 Coalition ESS Score
- Mar 1, 2025 EPSS Score
- Mar 16, 2025 EPSS Score
- Mar 31, 2025 EPSS Score
- Apr 15, 2025 EPSS Score
References
- https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2 url
- https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc url
- https://nvd.nist.gov/vuln/detail/CVE-2025-24884 advisory
- https://github.com/RichardoC/kube-audit-rest package
- https://pkg.go.dev/vuln/GO-2025-3431 url