CVE-2025-58366 in onyxia
Summary
by MITRE • 09/06/2025
Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint.vOnly instances using private helm repositories (i.e setting username & password in the catalogs configuration) are affected. This is fixed in version 4.9.0.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 09/08/2025
The vulnerability CVE-2025-58366 affects Onyxia, a data science environment designed for kubernetes deployments that enables researchers and data scientists to work within containerized environments. This security flaw exists in versions 4.6.0 through 4.8.0 of the Onyxia API service, specifically within the /public/catalogs endpoint which is intended to be publicly accessible without authentication. The issue stems from improper credential handling where the system fails to sanitize sensitive information when exposing repository configurations to unauthenticated users. Organizations utilizing Onyxia with private helm repositories that require authentication credentials are at risk, as these credentials become accessible through the public endpoint.
The technical implementation flaw involves the Onyxia API's handling of helm repository configurations where authentication parameters such as usernames and passwords are stored in the catalog configuration files. When the /public/catalogs endpoint processes these configurations for public exposure, the system does not properly filter or redact the credential information before returning the data. This represents a clear violation of secure coding practices and demonstrates a failure in input validation and output sanitization mechanisms. The vulnerability directly maps to CWE-200 (Information Exposure) and CWE-542 (Information Exposure Through Shell Command) as it exposes sensitive authentication data to unauthorized users through an unauthenticated endpoint.
The operational impact of this vulnerability is significant for organizations deploying Onyxia with private helm repositories, as it allows any external attacker to obtain authentication credentials for accessing private package repositories. This exposure can lead to unauthorized access to proprietary software packages, potential supply chain attacks, and compromise of the entire data science environment. The vulnerability affects organizations that rely on private helm repositories for managing their data science tooling and applications, potentially exposing sensitive intellectual property and creating attack vectors for lateral movement within the kubernetes cluster. Attackers could leverage these credentials to deploy malicious packages, modify existing software, or gain unauthorized access to private repositories that may contain additional sensitive information.
Organizations should immediately upgrade to Onyxia version 4.9.0 or later to remediate this vulnerability, as this release includes proper credential sanitization in the /public/catalogs endpoint. System administrators should also conduct immediate inventory checks to identify any instances still running affected versions and perform credential rotation for all private helm repositories that were exposed. Additional mitigations include implementing network-level restrictions to limit access to the /public/catalogs endpoint, monitoring for unauthorized access attempts, and ensuring that all helm repository configurations are reviewed for unnecessary exposure of authentication credentials. The vulnerability demonstrates the importance of following the principle of least privilege and proper input/output sanitization in web applications, particularly when handling sensitive configuration data in publicly accessible endpoints. Organizations should also consider implementing continuous monitoring and vulnerability scanning to identify similar issues in their kubernetes deployments and ensure compliance with security standards such as those outlined in the MITRE ATT&CK framework for cloud and container security.