VYPR
Low severityNVD Advisory· Published Sep 6, 2025· Updated Sep 8, 2025

Atlantis Exposes Service Version Publicly on /status API Endpoint

CVE-2025-58445

Description

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/runatlantis/atlantisGo
<= 0.35.1

Affected products

8

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.