x/vulndb: potential Go vuln in github.com/RichardoC/kube-audit-rest: GHSA-hcr5-wv4p-h2g2

[GoVulnBot]

Advisory GHSA-hcr5-wv4p-h2g2 references a vulnerability in the following Go modules:

Module
github.com/RichardoC/kube-audit-rest

Description:

Impact

If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages.

Patches

The example has been updated to fix this in commit db1aa5b867256b0a7bf206544c6981ab068b73dc

Workarounds

Replace

          if .request.requestKind.kind == "Secret" {
            del(.request.object.data)
            .request.object.data.redacted = "REDACTED"
            del(.request.oldObject.data)
            .request.oldObject.data.redacted = "REDACTED"
          }

In the vec...

References:

• ADVISORY: GHSA-hcr5-wv4p-h2g2
• ADVISORY: GHSA-hcr5-wv4p-h2g2
• FIX: RichardoC/kube-audit-rest@db1aa5b

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/RichardoC/kube-audit-rest
      versions:
        - fixed: 0.0.0-20250129191722-db1aa5b86725
summary: |-
    kube-audit-rest's example logging configuration could disclose secret values in
    the audit log in github.com/RichardoC/kube-audit-rest
cves:
    - CVE-2025-24884
ghsas:
    - GHSA-hcr5-wv4p-h2g2
references:
    - advisory: https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2
    - advisory: https://github.com/advisories/GHSA-hcr5-wv4p-h2g2
    - fix: https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc
notes:
    - fix: 'github.com/RichardoC/kube-audit-rest: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version'
source:
    id: GHSA-hcr5-wv4p-h2g2
    created: 2025-01-29T21:01:36.317781401Z
review_status: UNREVIEWED