Kube-Audit-Rest Kubernetes Secrets Disclosure Vulnerability
Vulnerability
A vulnerability in Kube-Audit-Rest prior to version 1.0.16 allows the unintentional disclosure of Kubernetes Secret values in the audit log. The issue arises when the 'full-elastic-stack' example vector configuration is applied to a real cluster: that configuration does not properly redact Secret data before the event is logged.
Impact
Exploitation of this vulnerability could lead to the unauthorized disclosure of sensitive Kubernetes secret data in the audit logs.
Remediation
Users can upgrade to Kube-Audit-Rest version 1.0.17 or later to address this vulnerability. Those using the 'full-elastic-stack' example vector configuration should also update their logging configuration so that Secret data is properly redacted, including removing references to Secret data carried in the 'kubectl.kubernetes.io/last-applied-configuration' annotation, since that annotation embeds a copy of the applied manifest.
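The redaction the remediation calls for, as an added illustration that is not Kube-Audit-Rest's own code or its vector configuration: it strips Secret material from an admission-review style event before the event is written to a log. The event shape (request.object / request.oldObject holding the manifest) and the sample Secret are assumptions constructed for the example.

```python
import copy
import json

LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"
REDACTED = "[REDACTED]"


def redact_secret(obj):
    """Return a copy of a Secret manifest with every secret-bearing field masked.

    `data` (base64) and `stringData` (plaintext) hold the values directly, and the
    last-applied-configuration annotation embeds the whole applied manifest,
    data included, so all three must be covered. Non-Secret objects pass through.
    """
    if not isinstance(obj, dict) or obj.get("kind") != "Secret":
        return obj
    out = copy.deepcopy(obj)
    for field in ("data", "stringData"):
        if isinstance(out.get(field), dict):
            out[field] = {k: REDACTED for k in out[field]}
    meta = out.get("metadata")
    if isinstance(meta, dict) and isinstance(meta.get("annotations"), dict):
        if LAST_APPLIED in meta["annotations"]:
            meta["annotations"][LAST_APPLIED] = REDACTED
    return out


def redact_audit_event(event):
    """Redact both the new and the previous object of an admission-review event (assumed shape)."""
    out = copy.deepcopy(event)
    request = out.get("request", {})
    for key in ("object", "oldObject"):
        if key in request:
            request[key] = redact_secret(request[key])
    return out


def leaked_values(serialized_event, known_values):
    """Defensive check: which known secret values still appear in the serialized log line."""
    return [v for v in known_values if v in serialized_event]


# Constructed sample: a Secret whose annotation carries the applied manifest, data included.
SAMPLE_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "db-creds", "namespace": "default", "annotations": {}},
    "data": {"password": "cGFzc3dvcmQ="},  # base64("password"), constructed value
}
SAMPLE_SECRET["metadata"]["annotations"][LAST_APPLIED] = json.dumps(SAMPLE_SECRET)
SAMPLE_EVENT = {"kind": "AdmissionReview",
                "request": {"operation": "UPDATE", "object": SAMPLE_SECRET, "oldObject": SAMPLE_SECRET}}
```

Serializing `SAMPLE_EVENT` unredacted shows the base64 value twice per object (once in `data`, once inside the annotation), which is exactly what a filter that only masks `data` would miss.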
