Skip to main content

Atlantis

3 CVEs product

Monthly

CVE-2025-58445 Go MEDIUM POC PATCH This Week

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Atlantis Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-52009 Go HIGH POC PATCH This Week

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Atlantis
NVD GitHub
CVSS 4.0
8.5
EPSS
0.7%
CVE-2022-24912 Go HIGH POC PATCH This Week

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Atlantis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Week

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Atlantis +1
NVD GitHub
EPSS 1% CVSS 8.5
HIGH POC PATCH This Week

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Atlantis
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Atlantis
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy