Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation spinnaker vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-39348
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output ...
Linuxfoundation Spinnaker
Linuxfoundation Spinnaker 1.30.0
7.1
CVSSv3
CVE-2021-39143
Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability exists in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't o...
Linuxfoundation Spinnaker
8.8
CVSSv3
CVE-2020-9301
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an malicious user to read and write arbitrary files wit...
Linuxfoundation Spinnaker
9.8
CVSSv3
CVE-2021-43832
Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users ...
Linuxfoundation Spinnaker
7.5
CVSSv3
CVE-2022-23506
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. Th...
Linuxfoundation Spinnaker
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started