Runatlantis

Atlantis

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-58445

Exploit
  • EPSS 0.07%
  • Veröffentlicht 06.09.2025 19:47:33
  • Zuletzt bearbeitet 10.09.2025 19:43:08

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow atta...

9.8

CVE-2024-52009

Exploit
  • EPSS 0.48%
  • Veröffentlicht 08.11.2024 23:15:05
  • Zuletzt bearbeitet 29.09.2025 15:06:51

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `ghs_...`) when they are rotated. This enables an attacker able to read these logs to imperson...

7.5

CVE-2022-24912

Exploit
  • EPSS 0.22%
  • Veröffentlicht 29.07.2022 10:15:12
  • Zuletzt bearbeitet 21.11.2024 06:51:22

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can all...