CVE-2023-39348
- EPSS 0.22%
- Published 28.08.2023 20:15:08
- Last modified 21.11.2024 08:15:12
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Gi...
CVE-2022-23506
- EPSS 0.11%
- Published 03.01.2023 21:15:11
- Last modified 21.11.2024 06:48:42
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets genera...
CVE-2021-43832
- EPSS 1.82%
- Published 04.01.2022 20:15:07
- Last modified 21.11.2024 06:29:53
Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without...
CVE-2021-39143
- EPSS 0.09%
- Published 04.01.2022 18:15:08
- Last modified 21.11.2024 06:18:41
Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the...
CVE-2020-9301
- EPSS 0.81%
- Published 11.12.2020 03:15:11
- Last modified 21.11.2024 05:40:22
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and w...