Low severityNVD Advisory· Published Sep 6, 2025· Updated Sep 8, 2025
Atlantis Exposes Service Version Publicly on /status API Endpoint
CVE-2025-58445
Description
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/runatlantis/atlantisGo | <= 0.35.1 | — |
Affected products
8- osv-coords7 versionspkg:apk/chainguard/atlantispkg:apk/chainguard/atlantis-fipspkg:apk/wolfi/atlantispkg:golang/github.com/runatlantis/atlantispkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 0.36.0-r2+ 6 more
- (no CPE)range: < 0.36.0-r2
- (no CPE)range: < 0.36.0-r1
- (no CPE)range: < 0.36.0-r2
- (no CPE)range: <= 0.35.1
- (no CPE)range: < 0.0.20250918T182144-150000.1.107.1
- (no CPE)range: < 0.0.20250917T170349-1.1
- (no CPE)range: < 0.0.20250918T182144-150000.1.107.1
- runatlantis/atlantisv5Range: <= 0.35.1
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-xh7v-965r-23f7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-58445ghsaADVISORY
- github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.