HIGH🇵🇱 Wersja polska

CVE-2020-9301

CVSS 8.8v3.1pub. 2020-12-11upd. 2024-11-21

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Linuxfoundation Spinnaker

    APP
    Linuxfoundation
    < 1.21.51.22.0 – 1.22.4 (bez)1.23.0 – 1.23.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
ContainerDeserialization
CWE
References

Related vulnerabilities

CVE-2026-32613CRITICAL9.9PL ✓ten sam produkt

Spinnaker Echo: nieograniczony dostęp SPeL umożliwia RCE

CVE-2026-32604CRITICAL9.9PL ✓ten sam produkt

RCE w Spinnaker — wykonanie dowolnych poleceń na podach clouddriver

CVE-2021-43832CRITICAL10.0ten sam produkt

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allo...

CVE-2025-61916HIGH7.9ten sam produkt

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, a...

CVE-2023-39348MEDIUM4.0ten sam produkt

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status ...