N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-24884

GHSA ID

GHSA-hcr5-wv4p-h2g2

EPSS Score

0.13646%

CWE

CWE-200

Published

1/29/2025

Updated

2/5/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-24884

CVE-2025-24884: kube-audit-rest's example logging configuration could disclose secret values in the audit log

Impact

What kind of vulnerability is it? Who is impacted? If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages.

Patches

Has the problem been patched? What versions should users upgrade to? The example has been updated to fix this in commit 9df8886b4819409f566233adc7c3b7a43a4096ba

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading? Replace


          if .request.requestKind.kind == "Secret" {
            del(.request.object.data)
            .request.object.data.redacted = "REDACTED"
            del(.request.oldObject.data)
            .request.oldObject.data.redacted = "REDACTED"
          }

In the vector "audit-files-json-parser-and-redaction" step with


          if .request.requestKind.kind == "Secret" {
            # Redact the secret data
            del(.request.object.data)
            .request.object.data.redacted = "REDACTED"
            del(.request.oldObject.data)
            .request.oldObject.data.redacted = "REDACTED"
            # Remove the previously set secret data - Not bothering to parse it as this annotation shouldn't ever be needed
            del(.request.object.metadata.annotations.["kubectl.kubernetes.io/last-applied-configuration"])
            del(.request.oldObject.metadata.annotations.["kubectl.kubernetes.io/last-applied-configuration"])
          }

References

Are there any links users can visit to find out more?

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-24884

GHSA ID

GHSA-hcr5-wv4p-h2g2

EPSS Score

0.13646%

CWE

CWE-200

Published

1/29/2025

Updated

2/5/2025

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/RichardoC/kube-audit-rest	go	< 0.0.0-20250205113217-9df8886b4819	0.0.0-20250205113217-9df8886b4819

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from incomplete redaction logic in the example Vector configuration. While the original code redacted .data fields, it neglected to remove the 'last-applied-configuration' annotation which contains serialized Secret data. This configuration-level function (expressed in VRL syntax) processes audit logs but left sensitive annotations intact. The commit diff clearly shows the addition of annotation deletion operations to address this oversight, confirming this as the vulnerable code path.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t _W**t kin* o* vuln*r**ility is it? W*o is imp**t**?_ I* t** "*ull-*l*sti*-st**k" *x*mpl* v**tor *on*i*ur*tion w*s us** *or * r**l *lust*r, t** pr*vious v*lu*s o* ku**rn*t*s s**r*ts woul* **v* ***n *is*los** in t** *u*it m*ss***s. ### P*t*

Reasoning

T** vuln*r**ility st*ms *rom in*ompl*t* r****tion lo*i* in t** *x*mpl* V**tor *on*i*ur*tion. W*il* t** ori*in*l *o** r****t** .**t* *i*l*s, it n**l**t** to r*mov* t** 'l*st-*ppli**-*on*i*ur*tion' *nnot*tion w*i** *ont*ins s*ri*liz** S**r*t **t*. T*is

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-24884: kube-audit-rest's example logging configuration could disclose secret values in the audit log

Impact

Patches

Workarounds

References

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI