← Volver a CVEs
CVE-2025-58445
HIGH7.5
Descripcion
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado9/6/2025
Ultima modificacion9/10/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
runatlantis:atlantis
Debilidades (CWE)
CWE-200
Referencias
https://github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7(security-advisories@github.com)
https://github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.