CVE-2025-58445

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-58445

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-58445.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-58445

Aliases

Downstream

MINI-7f54-f2cr-7r45

SUSE-SU-2025:03289-1

Related

SUSE-SU-2025:03289-1

Published

2025-09-06T19:47:33Z

Modified

2025-09-17T17:57:00.775946Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Atlantis Exposes Service Version Publicly on /status API Endpoint

Details

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.

References

https://github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7

Affected packages

Git /

Affected ranges