Lucene search
+L

114 matches found

CVE
CVE
added 2026/03/17 5:27 p.m.33 views

CVE-2026-25534

CVE-2026-25534 affects Spinnaker clouddriver and Orca URL validation, where underscores in hostnames were not properly handled by Java URL parsing, bypassing prior URL validation checks. Public sources (NVD/Red Hat/Snyk/OSV) confirm the impact and note that patches have been merged to be released...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.10 views

Spinnaker 代码问题漏洞

Spinnaker is an open-source continuous delivery platform developed by Spinnaker. It is used to release software changes with high speed and confidence. Spinnaker has a code vulnerability that stems from improper handling of underscores when Java URL objects are parsed, which may lead to bypassing...

9.1CVSS5.8AI score0.00246EPSS
Exploits0References3
OSV
OSV
added 2026/03/16 3:15 p.m.4 views

GHSA-8R8J-GFHG-FW38 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/16 3:15 p.m.12 views

Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25777

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.6 views

CVE-2022-23506

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...

7.5CVSS6.6AI score0.00541EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.4 views

CVE-2025-61916

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...

7.9CVSS6.8AI score0.00155EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/05 10:55 p.m.5 views

Server-side Request Forgery (SSRF)

Overview io.spinnaker.orca:orca-clouddriver is a Spinnaker Orca Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper restrictions on user-supplied URLs when fetching data. An attacker can access internal resources, extract sensitive authentication data...

8.8CVSS6.9AI score0.00155EPSS
Exploits0References3
OSV
OSV
added 2026/01/05 10:55 p.m.8 views

GHSA-VRJC-Q2FH-6X9H Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

Impact The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into Spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data. This ALSO includes calling INTERNAL Spinnaker API's via a get and similar endpoints...

7.9CVSS6.8AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/05 10:55 p.m.4 views

Server-side Request Forgery (SSRF)

Overview io.spinnaker.clouddriver:clouddriver-aws is a Spinnaker Clouddriver Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper restrictions on user-supplied URLs when fetching data. An attacker can access internal resources, extract sensitive...

8.8CVSS6.9AI score0.00155EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/05 10:55 p.m.6 views

EUVD-2025-206237

Spinnaker vulnerable to SSRF due to improper restrictions on http from user input...

7.9CVSS6.3AI score0.00155EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/05 10:55 p.m.18 views

Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

Impact The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into Spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data. This ALSO includes calling INTERNAL Spinnaker API's via a get and similar endpoints...

7.9CVSS6.9AI score0.00155EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/01/05 10:15 p.m.8 views

CVE-2025-61916

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...

7.9CVSS0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/05 9:14 p.m.28 views

CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...

7.9CVSS0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/05 9:14 p.m.3 views

CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...

7.9CVSS6.5AI score0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/01/05 9:14 p.m.23 views

CVE-2025-61916

Spinnaker (multi-cloud CD platform) is affected by an SSRF vulnerability in versions before 2025.1.6, 2025.2.3, and 2025.3.0. The issue arises from server-side requests that can be triggered by user-supplied URLs through certain artifacts (e.g., GitHub, Bitbucket, GitLab, HTTP) and can be consume...

7.9CVSS6.5AI score0.00155EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/05 9:14 p.m.5 views

CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...

7.9CVSS6.8AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.9 views

PT-2026-1334

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2025.1.6 Spinnaker versions prior to 2025.2.3 Spinnaker versions prior to 2025.3.0 Description Spinnaker, an open source, multi-cloud continuous delivery platform, is susceptible to server-side request forgery. This...

7.9CVSS6.6AI score0.00155EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.7 views

Spinnaker 代码问题漏洞

Spinnaker is a continuous delivery platform from Spinnaker Open Source. It is used to release software changes with high speed and confidence. A code issue vulnerability exists in Spinnaker versions prior to 2025.1.6, prior to 2025.2.3, and prior to 2025.3.0, which stems from the presence of a...

7.9CVSS6.6AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-25568

Malware in sbrugna...

7.1CVSS7AI score0.00344EPSS
Exploits1References2
Rows per page
Query Builder