Medium severityOSV Advisory· Published Jan 29, 2025· Updated Apr 15, 2026
CVE-2025-24884
CVE-2025-24884
Description
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/RichardoC/kube-audit-restGo | < 0.0.0-20250205113217-9df8886b4819 | 0.0.0-20250205113217-9df8886b4819 |
Affected products
5- Range: 0.0.0, 0.0.1, 0.0.2, …
- ghsa-coords4 versionspkg:golang/github.com/richardoc/kube-audit-restpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 0.0.0-20250205113217-9df8886b4819+ 3 more
- (no CPE)range: < 0.0.0-20250205113217-9df8886b4819
- (no CPE)range: < 0.0.20250207T224745-150000.1.32.1
- (no CPE)range: < 0.0.20250204T220613-1.1
- (no CPE)range: < 0.0.20250207T224745-150000.1.32.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-hcr5-wv4p-h2g2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-24884ghsaADVISORY
- github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dcnvdWEB
- github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2nvdWEB
- pkg.go.dev/vuln/GO-2025-3431ghsaWEB
News mentions
0No linked articles in our index yet.