{"vulnerability": "GHSA-HCR5-WV4P-H2G2", "sightings": [{"uuid": "2e16af89-b21c-41f5-8452-e342247467a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-hcr5-wv4p-h2g2", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113913498919897595", "content": "", "creation_timestamp": "2025-01-29T20:20:51.993567Z"}, {"uuid": "6152ca2d-0ff4-40df-a635-892c0ede6b18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-HCR5-WV4P-H2G2", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3400", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-hcr5-wv4p-h2g2\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ### Impact\nIf the \"full-elastic-stack\" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages.\n\n### Patches\nThe example has been updated to fix this in commit db1aa5b867256b0a7bf206544c6981ab068b73dc\n\n\n### Workarounds\nReplace \n```yaml\n\n          if .request.requestKind.kind == \"Secret\" {\n            del(.request.object.data)\n            .request.object.data.redacted = \"REDACTED\"\n            del(.request.oldObject.data)\n            .request.oldObject.data.redacted = \"REDACTED\"\n          }\n```\nIn the vector \"audit-files-json-parser-and-redaction\" step\nwith\n```yaml\n\n          if .request.requestKind.kind == \"Secret\" {\n            # Redact the secret data\n            del(.request.object.data)\n            .request.object.data.redacted = \"REDACTED\"\n            del(.request.oldObject.data)\n            .request.oldObject.data.redacted = \"REDACTED\"\n            # Remove the previously set secret data - Not bothering to parse it as this annotation shouldn't ever be needed\n            del(.request.object.metadata.annotations.[\"kubectl.kubernetes.io/last-applied-configuration\"])\n            del(.request.oldObject.metadata.annotations.[\"kubectl.kubernetes.io/last-applied-configuration\"])\n          }\n```\n\ud83d\udccf Published: 2025-01-29T20:47:51Z\n\ud83d\udccf Modified: 2025-01-29T20:47:51Z\n\ud83d\udd17 References:\n1. https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2\n2. https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc\n3. https://github.com/RichardoC/kube-audit-rest", "creation_timestamp": "2025-01-29T21:11:10.000000Z"}]}