High severity · NVD Advisory · Published Aug 28, 2020 · Updated Aug 4, 2024
CVE-2020-9298
Description
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker, potentially leading to sensitive data disclosure.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.netflix.spinnaker.orca:orca-core (Maven) | < 8.7.0 | 8.7.0 |
Affected products
- Spinnaker/Spinnaker (description)
References
- github.com/advisories/GHSA-4fcw-pq4r-f4q7 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2020-9298 (advisory)
- github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md (web)
- github.com/spinnaker/orca/pull/3706/commits/4f3c07da8fcacd67bb1984aef11b2066f2c0d11c (web)
- github.com/spinnaker/orca/releases/tag/v8.7.0 (web)