
Description

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.

PUBLISHED Reserved 2025-09-01 | Published 2025-09-06 | Updated 2025-09-08 | Assigner GitHub_M




MEDIUM: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

Affected: <= 0.35.1

References

github.com/...lantis/security/advisories/GHSA-xh7v-965r-23f7

cve.org (CVE-2025-58445)

nvd.nist.gov (CVE-2025-58445)
