Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-52009
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Git credentials are exposed in atlantis logs
Source: NVD (National Vulnerability Database)
Vulnerability Description
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `ghs_...`) when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on GitHub. When Atlantis is used to administer a GitHub organization, this enables getting administration privileges on the organization. This was reported in #4060 and fixed in #4667 . The fix was included in Atlantis v0.30.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过日志文件的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Atlantis 日志信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Atlantis是Atlantis开源的一个自托管的 golang 应用程序。通过 webhook 监听 Terraform 拉取请求事件。 Atlantis 存在日志信息泄露漏洞,该漏洞源于Atlantis日志在轮换时包含 GitHub 凭据。能够读取这些日志的攻击者可以冒充 Atlantis 应用程序并在 GitHub 上执行操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
runatlantisatlantis < 0.30.0 -
II. Public POCs for CVE-2024-52009
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2024-52009
Please Login to view more intelligence information
New Vulnerabilities
Product: atlantis
Vendor: runatlantis
Same weakness: CWE-532
V. Comments for CVE-2024-52009

No comments yet

Leave a comment