CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-9301

HIGH
8.8
CVSS Severity Score
EPSS Score0.0860%
EPSS Percentile19.65th
Published2020年12月11日
Last Modified2024年11月21日

Vulnerability Description

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.

Affected Platforms (CPE)

📦
Linuxfoundation

Spinnaker

< 1.21.5
📦
Linuxfoundation

Spinnaker

>= 1.22.0 and < 1.22.4
📦
Linuxfoundation

Spinnaker

>= 1.23.0 and < 1.23.4

References & Advisories

🔗 https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md
🔗 https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md

相關漏洞威脅

CVE-2021-4383210.0

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creati...

CVE-2020-92987.5

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to s...

CVE-2021-391436.6

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TA...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...