CVE-2025-24884: kube-audit-rest's example logging configuration could disclose secret values in the audit log
What kind of vulnerability is it? Who is impacted? If the “full-elastic-stack” example Vector configuration shipped with kube-audit-rest was used for a real cluster, the previous values of Kubernetes Secrets would have been disclosed in the audit messages. The admission request a validating webhook receives carries the previous object (`oldObject`) on updates, so forwarding the request to the log sink without redacting Secret payloads writes the old `data` values into the audit stream, where anyone with read access to the log index can recover them. Clusters that only used the example as a template and applied their own redaction are affected to the extent that their redaction missed the previous object.
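The shape of the problem and one mitigation, as an added example that is not part of the advisory or of kube-audit-rest's own code. The AdmissionReview below is constructed: an UPDATE on a Secret, where both `request.object` and `request.oldObject` carry base64 `data`. Logging the review as-is leaks the previous value; `RedactAdmissionReview` scrubs `data` and `stringData` of both objects while keeping key names and metadata, so the audit trail still shows which Secret and which keys changed. The function and marker string are illustrative names chosen here, not an API of the project.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// sampleReview is a constructed AdmissionReview for an UPDATE on a Secret.
// request.object holds the new manifest and request.oldObject the previous
// one; both carry the base64-encoded secret payload, which is why logging
// the whole request discloses the previous values.
const sampleReview = `{
  "apiVersion": "admission.k8s.io/v1",
  "kind": "AdmissionReview",
  "request": {
    "uid": "705ab4f5-6393-11e8-b7cc-42010a800002",
    "kind": {"group": "", "version": "v1", "kind": "Secret"},
    "operation": "UPDATE",
    "namespace": "default",
    "name": "db-creds",
    "object": {
      "apiVersion": "v1", "kind": "Secret",
      "metadata": {"name": "db-creds", "namespace": "default"},
      "type": "Opaque",
      "data": {"password": "bmV3LXBhc3N3b3Jk"}
    },
    "oldObject": {
      "apiVersion": "v1", "kind": "Secret",
      "metadata": {"name": "db-creds", "namespace": "default"},
      "type": "Opaque",
      "data": {"password": "b2xkLXBhc3N3b3Jk"}
    }
  }
}`

// redactSecretPayload replaces every value under data and stringData of a
// Secret manifest with a fixed marker. Non-Secret objects are left intact.
func redactSecretPayload(obj map[string]interface{}) {
	if kind, _ := obj["kind"].(string); kind != "Secret" {
		return
	}
	for _, field := range []string{"data", "stringData"} {
		if m, ok := obj[field].(map[string]interface{}); ok {
			for k := range m {
				m[k] = "[REDACTED]"
			}
		}
	}
}

// RedactAdmissionReview parses an AdmissionReview and scrubs secret values
// from both the new and the previous object before the review is logged.
func RedactAdmissionReview(raw []byte) ([]byte, error) {
	var review map[string]interface{}
	if err := json.Unmarshal(raw, &review); err != nil {
		return nil, err
	}
	req, ok := review["request"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("AdmissionReview has no request field")
	}
	// oldObject is present on UPDATE and DELETE; redact it too, not just object.
	for _, field := range []string{"object", "oldObject"} {
		if obj, ok := req[field].(map[string]interface{}); ok {
			redactSecretPayload(obj)
		}
	}
	return json.Marshal(review)
}

// LeaksValue reports whether an audit message still contains a given
// encoded secret value; used to check the sink input before shipping it.
func LeaksValue(msg []byte, value string) bool {
	return strings.Contains(string(msg), value)
}

func main() {
	const oldValue = "b2xkLXBhc3N3b3Jk" // base64("old-password"), constructed
	fmt.Println("previous value present in raw review:",
		LeaksValue([]byte(sampleReview), oldValue))
	redacted, err := RedactAdmissionReview([]byte(sampleReview))
	if err != nil {
		panic(err)
	}
	fmt.Println("previous value present after redaction:",
		LeaksValue(redacted, oldValue))
	fmt.Println(string(redacted))
}
```

Redacting in the webhook process, before the message reaches Vector or any other log pipeline, is the safer placement: a sink-side transform can be dropped or misconfigured by the next person to edit the pipeline, and the raw request never needs to leave the process.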
References
- github.com/RichardoC/kube-audit-rest
- github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc
- github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2
- github.com/advisories/GHSA-hcr5-wv4p-h2g2
- nvd.nist.gov/vuln/detail/CVE-2025-24884
- pkg.go.dev/vuln/GO-2025-3431