114 matches found
CVE-2026-25534
CVE-2026-25534 affects Spinnaker clouddriver and Orca URL validation, where underscores in hostnames were not properly handled by Java URL parsing, bypassing prior URL validation checks. Public sources (NVD/Red Hat/Snyk/OSV) confirm the impact and note that patches have been merged to be released...
Spinnaker 代码问题漏洞
Spinnaker is an open-source continuous delivery platform developed by Spinnaker. It is used to release software changes with high speed and confidence. Spinnaker has a code vulnerability that stems from improper handling of underscores when Java URL objects are parsed, which may lead to bypassing...
GHSA-8R8J-GFHG-FW38 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...
Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...
PT-2026-25777
Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...
CVE-2022-23506
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
CVE-2025-61916
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
Server-side Request Forgery (SSRF)
Overview io.spinnaker.orca:orca-clouddriver is a Spinnaker Orca Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper restrictions on user-supplied URLs when fetching data. An attacker can access internal resources, extract sensitive authentication data...
GHSA-VRJC-Q2FH-6X9H Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Impact The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into Spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data. This ALSO includes calling INTERNAL Spinnaker API's via a get and similar endpoints...
Server-side Request Forgery (SSRF)
Overview io.spinnaker.clouddriver:clouddriver-aws is a Spinnaker Clouddriver Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper restrictions on user-supplied URLs when fetching data. An attacker can access internal resources, extract sensitive...
EUVD-2025-206237
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input...
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Impact The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into Spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data. This ALSO includes calling INTERNAL Spinnaker API's via a get and similar endpoints...
CVE-2025-61916
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
CVE-2025-61916
Spinnaker (multi-cloud CD platform) is affected by an SSRF vulnerability in versions before 2025.1.6, 2025.2.3, and 2025.3.0. The issue arises from server-side requests that can be triggered by user-supplied URLs through certain artifacts (e.g., GitHub, Bitbucket, GitLab, HTTP) and can be consume...
CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
PT-2026-1334
Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2025.1.6 Spinnaker versions prior to 2025.2.3 Spinnaker versions prior to 2025.3.0 Description Spinnaker, an open source, multi-cloud continuous delivery platform, is susceptible to server-side request forgery. This...
Spinnaker 代码问题漏洞
Spinnaker is a continuous delivery platform from Spinnaker Open Source. It is used to release software changes with high speed and confidence. A code issue vulnerability exists in Spinnaker versions prior to 2025.1.6, prior to 2025.2.3, and prior to 2025.3.0, which stems from the presence of a...
EUVD-2021-25568
Malware in sbrugna...