PT-2025-36335 · Onyxia · Onyxia

Ddecrulle · Published 2025-09-05 · Updated 2025-09-08 · CVE-2025-58366

CVSS v4.0: 9.4

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions:

Onyxia versions 4.6.0 through 4.8.0

Description:

Onyxia-API leaked the credentials of private Helm repositories through the public `/public/catalogs` endpoint. Only instances that use private Helm repositories with usernames and passwords configured in the catalogs configuration are affected. The issue is fixed in version 4.9.0.

Recommendations:

Upgrade to version 4.9.0 or later.
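To confirm that an instance no longer exposes repository credentials after the upgrade, an operator can save the JSON returned by their own `/public/catalogs` endpoint and audit it. The script below is an added example, not code from the advisory or from the Onyxia project; the response layout, the `username`/`password` key names and the sample data are assumptions, and the check for credentials embedded in URLs goes beyond the case the advisory describes.

```python
import json
import sys
from urllib.parse import urlsplit

# Assumed key names: the advisory only speaks of "usernames and passwords".
CREDENTIAL_KEYS = {"username", "password"}

# Constructed sample of a catalogs response (layout is an assumption).
SAMPLE_RESPONSE = json.loads("""
{"catalogs": [
  {"id": "public-charts", "location": "https://charts.example.invalid/stable",
   "username": null, "password": null},
  {"id": "private-charts", "location": "https://charts.example.invalid/private",
   "username": "svc-helm", "password": "constructed-secret"}
]}
""")


def find_credential_fields(node, path="$"):
    """Return the JSON paths whose value looks like an exposed credential."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in CREDENTIAL_KEYS and isinstance(value, str) and value:
                hits.append(child)  # non-empty username/password in public output
            else:
                hits.extend(find_credential_fields(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_credential_fields(item, f"{path}[{index}]"))
    elif isinstance(node, str) and "://" in node:
        try:
            # Flag URLs that carry userinfo, e.g. https://user:secret@host/...
            if urlsplit(node).password:
                hits.append(path)
        except ValueError:
            pass  # not a parseable URL, nothing to report
    return hits


if __name__ == "__main__":
    # Usage: python check_catalogs.py saved_catalogs.json (sample used if omitted)
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_RESPONSE
    exposed = find_credential_fields(doc)
    for location in exposed:
        print("credential field exposed:", location)  # path only, never the value
    sys.exit(1 if exposed else 0)
```

Any path reported against a response from a live instance means the credentials at that path should be treated as disclosed and rotated, in addition to upgrading.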

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2025-58366

Affected Products

Onyxia