CyberSec.Space Logo
Back to CVE Browser

CVE-2020-9301

HIGH
8.8
CVSS Severity Score
EPSS Score0.0860%
EPSS Percentile19.65th
PublishedDec 11, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.

Affected Platforms (CPE)

📦
Linuxfoundation

Spinnaker

< 1.21.5
📦
Linuxfoundation

Spinnaker

>= 1.22.0 and < 1.22.4
📦
Linuxfoundation

Spinnaker

>= 1.23.0 and < 1.23.4

References & Advisories

🔗 https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md
🔗 https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md

Related Vulnerabilities

CVE-2021-4383210.0

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creati...

CVE-2020-92987.5

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to s...

CVE-2021-391436.6

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TA...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...