114 matches found
Advisory ROSA-SA-2021-1942
Software: orca 3.6.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-9298 CVE-Crit: HIGH CVE-DESC: The spinnaker template resolution feature is vulnerable to server-side request forgery SSRF, which allows an attacker to send requests on behalf of the spinnaker, potentially exposing sensitive data. CVE-STATUS:...
GHSA-4FCW-PQ4R-F4Q7 Server-Side Request Forgery in Spinnaker Orca
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...
Server-Side Request Forgery in Spinnaker Orca
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...
CVE-2020-9301
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...
Design/Logic Flaw
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...
CVE-2020-9301
CVE-2020-9301 affects Spinnaker before v1.23.4, v1.22.4, and v1.21.5. The issue involves handling of SpEL expressions allowing an authenticated attacker to read and write arbitrary files inside the orca container via HTTP POST requests. Affected component: Spinnaker container/orca handling of SpE...
CVE-2020-9301
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...
Netflix Spinnaker Code Issue Vulnerability
Netflix Spinnaker is a continuous delivery platform from the American company Netflix. The platform serves as a cloud platform deployment tool that supports Google, Microsoft, Pivotal, and other cloud platforms, providing out-of-the-box cluster management and deployment capabilities. Netflix...
CVE-2020-9298
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...
CVE-2020-9298
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...
Server side request forgery (ssrf)
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...
CVE-2020-9298
CVE-2020-9298 concerns the Spinnaker template resolution feature, which is vulnerable to Server-Side Request Forgery (SSRF) . The provided connected documents confirm that the vulnerability affects the Spinnaker template resolution functionality, enabling an attacker to send requests on behalf of...
CVE-2020-9298
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...
CVE-2020-9298
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery SSRF, which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure...