CVE-2025-24884: kube-audit-rest's example logging configuration could disclose secret values in the audit log

5.1 CVSS

Description

kube-audit-rest is a simple logger of mutation/creation requests made to the Kubernetes API. If the "full-elastic-stack" example Vector configuration was used for a real cluster, the previous values of Kubernetes Secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.

Classification

CVE ID: CVE-2025-24884

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.1

Affected Products

Vendor: RichardoC

Product: kube-audit-rest

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-28 (date on which this score was calculated)

References

https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2
https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc