Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation spinnaker vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39348
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output ...
Linuxfoundation Spinnaker
Linuxfoundation Spinnaker 1.30.0
NA
CVE-2022-23506
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. Th...
Linuxfoundation Spinnaker
668
VMScore
CVE-2021-43832
Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users ...
Linuxfoundation Spinnaker
320
VMScore
CVE-2021-39143
Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability exists in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't o...
Linuxfoundation Spinnaker
578
VMScore
CVE-2020-9301
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an malicious user to read and write arbitrary files wit...
Linuxfoundation Spinnaker
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started