Description
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.
INFO
Published Date :
2025-09-06T19:47:33.669Z
Last Modified :
2025-09-08T14:35:06.195Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2025-58445 vulnerability.
| Vendors | Products |
|---|---|
| Runatlantis |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58445.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact