← voltar
CVE-2025-58445

Atlantis Exposes Service Version Publicly on /status API Endpoint

CVSS 6.9 MEDIUMEPSS 0.4%CWE-200
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 set 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
runatlantis · atlantis

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7