Medium severityNVD Advisory· Published Jan 29, 2025· Updated Apr 15, 2026

CVE-2025-24884

Description

kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/RichardoC/kube-audit-restGo	< 0.0.0-20250205113217-9df8886b4819	0.0.0-20250205113217-9df8886b4819

Patches

db1aa5b86725

https://github.com/richardoc/kube-audit-restvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-hcr5-wv4p-h2g2ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-24884ghsaADVISORY
github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dcnvdWEB
github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2nvdWEB
pkg.go.dev/vuln/GO-2025-3431ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000