11 matches found
CVE-2022-23506
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
CVE-2025-61916
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
EUVD-2022-28552
Malicious code in bioql PyPI...
CVE-2022-23506
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
Design/Logic Flaw
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
CVE-2022-23506
CVE-2022-23506 affects Spinnaker’s Rosco microservice. Prior to versions 1.29.2, 1.28.4, and 1.27.3, Rosco did not properly mask secrets generated during Packer builds, which could expose AWS credentials in log files. The issue is mitigated in 1.29.2, 1.28.4, and 1.27.3+ fixes. A workaround recom...
PT-2023-12722 · Spinnaker +2 · Spinnaker +2
Name of the Vulnerable Software and Affected Versions: Spinnaker's Rosco microservice versions prior to 1.29.2, 1.28.4, and 1.27.3 Description: Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine...
rosco.com XSS vulnerability
Open Bug Bounty ID: OBB-128167 Description| Value ---|--- Affected Website:| rosco.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...