CVE-2020-9298

HIGH

7.5

CVSS Severity Score

EPSS Score0.1100%

EPSS Percentile38.11th

PublishedAug 28, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.

Affected Platforms (CPE)

📦

Spinnaker

Orca

< 8.7.0

References & Advisories

🔗 https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md

Related Vulnerabilities

CVE-2021-359639.8

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remo...

CVE-2021-359659.8

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code ...

CVE-2008-51679.3

PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enable...

CVE-2020-93018.8

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, ...