2 matches found
kube-audit-rest's example logging configuration could disclose secret values in the audit log
Impact What kind of vulnerability is it? Who is impacted? If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. Patches Has the problem been patched? What versions should use...
CVE-2025-24884
The CVE-2025-24884 entry concerns kube-audit-rest, a simple logger for Kubernetes API mutations. When the here-described full-elastic-stack example vector is used, previous values of Kubernetes secrets could be disclosed in audit messages due to the logger capturing sensitive data. Fixed in versi...