Runatlantis Atlantis
3 CVEs affecting Runatlantis Atlantis. Latest disclosed: 2025-09-06. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-52009 | Critical | 9.8 | 2024-11-08 | Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `gh… |
CVE-2025-58445 | High | 7.5 | 2025-09-06 | Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed ver… |
CVE-2022-24912 | High | 7.5 | 2022-07-29 | The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which… |