Lucene search
+L

114 matches found

Rosalinux
Rosalinux
added 2021/07/02 5:39 p.m.37 views

Advisory ROSA-SA-2021-1942

Software: orca 3.6.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-9298 CVE-Crit: HIGH CVE-DESC: The spinnaker template resolution feature is vulnerable to server-side request forgery SSRF, which allows an attacker to send requests on behalf of the spinnaker, potentially exposing sensitive data. CVE-STATUS:...

7.5CVSS7AI score0.01349EPSS
Exploits0
OSV
OSV
added 2021/05/07 3:54 p.m.43 views

GHSA-4FCW-PQ4R-F4Q7 Server-Side Request Forgery in Spinnaker Orca

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...

7.5CVSS7.4AI score0.01349EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/05/07 3:54 p.m.49 views

Server-Side Request Forgery in Spinnaker Orca

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...

7.5CVSS7.2AI score0.01349EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/12/11 3:15 a.m.4 views

CVE-2020-9301

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...

8.8CVSS5.9AI score0.01504EPSS
Exploits0References1
Prion
Prion
added 2020/12/11 3:15 a.m.18 views

Design/Logic Flaw

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...

6.5CVSS8AI score0.01504EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/12/11 2:10 a.m.77 views

CVE-2020-9301

CVE-2020-9301 affects Spinnaker before v1.23.4, v1.22.4, and v1.21.5. The issue involves handling of SpEL expressions allowing an authenticated attacker to read and write arbitrary files inside the orca container via HTTP POST requests. Affected component: Spinnaker container/orca handling of SpE...

8.8CVSS7.9AI score0.01504EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/12/11 2:10 a.m.32 views

CVE-2020-9301

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...

8.1AI score0.01504EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/10 12:0 a.m.10 views

Netflix Spinnaker Code Issue Vulnerability

Netflix Spinnaker is a continuous delivery platform from the American company Netflix. The platform serves as a cloud platform deployment tool that supports Google, Microsoft, Pivotal, and other cloud platforms, providing out-of-the-box cluster management and deployment capabilities. Netflix...

8.8CVSS7.5AI score0.01504EPSS
Exploits0References2
NVD
NVD
added 2020/08/28 3:15 p.m.15 views

CVE-2020-9298

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...

7.5CVSS7.5AI score0.01349EPSS
Exploits0References1
OSV
OSV
added 2020/08/28 3:15 p.m.19 views

CVE-2020-9298

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...

7.5CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2020/08/28 3:15 p.m.13 views

Server side request forgery (ssrf)

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...

5CVSS7.4AI score0.01349EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/08/28 2:45 p.m.76 views

CVE-2020-9298

CVE-2020-9298 concerns the Spinnaker template resolution feature, which is vulnerable to Server-Side Request Forgery (SSRF) . The provided connected documents confirm that the vulnerability affects the Spinnaker template resolution functionality, enabling an attacker to send requests on behalf of...

7.5CVSS7.3AI score0.01349EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2020/08/28 2:45 p.m.53 views

CVE-2020-9298

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...

7.5CVSS7.5AI score0.01349EPSS
Exploits0
Cvelist
Cvelist
added 2020/08/28 2:45 p.m.18 views

CVE-2020-9298

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...

7.4AI score0.01349EPSS
Exploits0References1
Rows per page
Query Builder