CVE-2025-58366

This vulnerability is critical.

Description

Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API exposed the credentials of private Helm repositories through the public (unauthenticated) /public/catalogs endpoint. Only instances that use private Helm repositories (i.e., that set a username and password in the catalogs configuration) are affected. The issue is fixed in version 4.9.0.

Remediation

Patched versions of the Onyxia Helm chart

Upgrade to Onyxia chart v10.28.0 or later, which ships Onyxia-API 4.9.0 or later. Because the endpoint required no authentication, treat the Helm repository credentials of any affected instance as exposed and rotate them after upgrading.
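As an added example (not part of this advisory or of the Onyxia project's code), the following Python script does two things a practitioner would want here: it walks a /public/catalogs response and reports every non-empty credential-looking field, and it classifies an Onyxia-API version or Onyxia chart version against the ranges stated above. The JSON shape of the constructed sample response, and the key names other than username and password, are assumptions; the walker does not depend on the schema, so it works on the real response whatever its exact layout.

```python
"""Check an Onyxia /public/catalogs response for exposed Helm repository
credentials (CVE-2025-58366) and classify versions as affected or fixed.

Added example, not Onyxia's own code. The sample JSON shape is an assumption;
the walker flags credential-looking keys at any depth, so it does not rely on it.
"""
import json
import re
import urllib.request

# Key names treated as credential material. "username" and "password" come from
# the advisory; the others are an assumption added for wider coverage.
CREDENTIAL_KEYS = re.compile(r"^(username|password|token|secret|bearer)$", re.I)

AFFECTED_API_MIN = (4, 6, 0)   # first affected Onyxia-API version
AFFECTED_API_MAX = (4, 8, 0)   # last affected Onyxia-API version
FIXED_CHART_MIN = (10, 28, 0)  # first Onyxia chart shipping API >= 4.9.0


def parse_version(v: str) -> tuple:
    """Turn '4.8.0' or 'v4.8' into (4, 8, 0); non-numeric suffixes are dropped."""
    parts = []
    for piece in v.strip().lstrip("v").split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected_api_version(v: str) -> bool:
    """True for Onyxia-API 4.6.0 through 4.8.0 inclusive."""
    return AFFECTED_API_MIN <= parse_version(v) <= AFFECTED_API_MAX


def is_fixed_chart_version(v: str) -> bool:
    """True for Onyxia chart v10.28.0 or later."""
    return parse_version(v) >= FIXED_CHART_MIN


def find_exposed_credentials(doc, path="$"):
    """Walk any JSON value and return the JSON paths of every non-empty string
    stored under a credential-looking key."""
    hits = []
    if isinstance(doc, dict):
        for key, value in doc.items():
            child = f"{path}.{key}"
            if CREDENTIAL_KEYS.match(key) and isinstance(value, str) and value:
                hits.append(child)
            hits.extend(find_exposed_credentials(value, child))
    elif isinstance(doc, list):
        for i, value in enumerate(doc):
            hits.extend(find_exposed_credentials(value, f"{path}[{i}]"))
    return hits


def check_instance(base_url: str, timeout: float = 10.0):
    """Fetch /public/catalogs with no credentials (the endpoint is unauthenticated)
    and return the paths of any exposed fields. Uses the network; not exercised offline."""
    url = base_url.rstrip("/") + "/public/catalogs"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return find_exposed_credentials(json.load(resp))


# Constructed sample response; its layout is an assumption for illustration only.
SAMPLE_RESPONSE = json.loads("""
{
  "catalogs": [
    {"id": "public-catalog", "type": "helm",
     "location": "https://charts.example.org/public"},
    {"id": "private-catalog", "type": "helm",
     "location": "https://charts.example.org/private",
     "username": "deploy-bot", "password": "s3cr3t"}
  ]
}
""")

if __name__ == "__main__":
    for hit in find_exposed_credentials(SAMPLE_RESPONSE):
        print("exposed credential at", hit)
    for v in ("4.5.0", "4.6.0", "4.8.0", "4.9.0"):
        print("API", v, "affected" if is_affected_api_version(v) else "not affected")
```

Run check_instance("https://onyxia.example.org") against a live instance to confirm whether its catalogs endpoint returns anything credential-shaped; an empty list from a patched instance is the expected result, and any hit means the repository credentials should be rotated.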
