Filtered by vendor Runatlantis
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58445 | 1 Runatlantis | 1 Atlantis | 2025-09-10 | N/A | 7.5 HIGH |
| Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix. | |||||
| CVE-2022-24912 | 1 Runatlantis | 1 Atlantis | 2024-11-21 | N/A | 7.5 HIGH |
| The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events. | |||||