4 matches found
CVE-2020-9301
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...
CVE-2020-9301
CVE-2020-9301 affects Spinnaker before v1.23.4, v1.22.4, and v1.21.5. The issue involves handling of SpEL expressions allowing an authenticated attacker to read and write arbitrary files inside the orca container via HTTP POST requests. Affected component: Spinnaker container/orca handling of SpE...
CVE-2020-9301
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Impact Authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is...