Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HLinuxfoundation Spinnaker
APPLinuxfoundation< 1.21.51.22.0 – 1.22.4 (bez)1.23.0 – 1.23.4 (bez)
Powiązane podatności
Spinnaker Echo: nieograniczony dostęp SPeL umożliwia RCE
RCE w Spinnaker — wykonanie dowolnych poleceń na podach clouddriver
Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allo...
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, a...
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status ...