{"id":8809,"date":"2025-07-24T02:40:10","date_gmt":"2025-07-24T02:40:10","guid":{"rendered":"http:\/\/localhost\/?p=8809"},"modified":"2025-07-24T02:40:10","modified_gmt":"2025-07-24T02:40:10","slug":"mounted-kubernetes-secrets-under-a-predictable-path-located-within-the-web-server-document-root","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8809","title":{"rendered":"Mounted Kubernetes Secrets under a predictable path located within the web server document root"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nMounted Kubernetes Secrets under a predictable path located within the web server document root<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-24T06:42:25.254Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-24T06:42:25.254Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nVMware<\/td>\n<\/tr>\n
Product<\/th>\nbitnamicharts\/appsmith<\/td>\n<\/tr>\n
Version<\/th>\n21.2.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n10.0 (CRITICAL)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical vulnerability in Bitnami Helm Charts allows unauthenticated access to sensitive Kubernetes Secrets via predictable paths within the web server document root. This could expose credentials and other sensitive data to remote attackers. The issue is exacerbated by the default configuration of usePasswordFiles=true, which mounts secrets as files in the container filesystem.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
AI Vendor<\/th>\nVMware<\/td>\n<\/tr>\n
AI Product<\/th>\nBitnami Helm Charts<\/td>\n<\/tr>\n
AI Version<\/th>\n21.2.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n