CVE-2025-24884

kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.

CVSS

No CVSS.

References

Link	Resource
https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc
https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) kube-audit-rest es un registrador simple de solicitudes de mutación/creación a la API de k8s. Si se hubiera utilizado la configuración de vector de ejemplo "full-elastic-stack" para un clúster real, los valores anteriores de los secretos de Kubernetes se habrían revelado en los mensajes de auditoría. Esta vulnerabilidad se solucionó en la versión 1.0.16.

29 Jan 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-29 21:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-24884

Mitre link : CVE-2025-24884

CVE.ORG link : CVE-2025-24884

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2025-24884", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-29T21:15:21.667", "references": [{"url": "https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc", "source": "security-advisories@github.com"}, {"url": "https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2", "source": "security-advisories@github.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-212"}, {"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the \"full-elastic-stack\" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16."}, {"lang": "es", "value": "kube-audit-rest es un registrador simple de solicitudes de mutaci\u00f3n/creaci\u00f3n a la API de k8s. Si se hubiera utilizado la configuraci\u00f3n de vector de ejemplo \"full-elastic-stack\" para un cl\u00faster real, los valores anteriores de los secretos de Kubernetes se habr\u00edan revelado en los mensajes de auditor\u00eda. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.0.16."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security-advisories@github.com"}