
CVSS: 5.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is always improperly set to FULL. It is recommended to apply the patch and rotate the GitHub token used for GitHub status notifications. Because this writes GitHub tokens to the log system, the risk is slightly higher than "low": token exposure could grant elevated access to repositories outside the operator's control. Even with read-restricted tokens, the exposure means the token itself could be used to access resources that are otherwise restricted from reads. • https://github.com/spinnaker/echo/pull/1316 https://github.com/spinnaker/spinnaker/security/advisories/GHSA-rq5c-hvw6-8pr7 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via Packer builds. This can lead to exposure of sensitive AWS credentials in Packer log files. Versions 1.29.2, 1.28.4, and 1.27.3 of Rosco contain fixes for this issue. A workaround is available: it is recommended to use short-lived credentials via role assumption and IAM profiles. • https://github.com/spinnaker/rosco/commit/e80cfaa1abfb3a0e9026d45d6027291bfb815daf https://github.com/spinnaker/spinnaker/security/advisories/GHSA-2233-cqj8-j2q5 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 10.0 | EPSS: 1% | CPEs: 2 | EXPL: 0

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions that allow pipeline creation and execution. This lets an arbitrary user with access to the Gate endpoint create a pipeline and execute it without authentication. If users have not set up role-based access control (RBAC) within Spinnaker, this enables remote execution and the ability to deploy almost any resource on any account. Patches are available in the latest releases of the supported branches, and users are advised to upgrade as soon as possible. • https://github.com/spinnaker/spinnaker/security/advisories/GHSA-9h7c-rfrp-gvgp • CWE-306: Missing Authentication for Critical Function

CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 1

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in the handling of TAR files by AppEngine deployments. A utility extracts the files locally for deployment without validating that the paths inside the archive do not overwrite system files. This would allow an attacker to overwrite files on the container, potentially introducing a MITM-type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. • https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, affecting all versions prior to 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions and allows an attacker to read and write arbitrary files within the Orca container via authenticated HTTP POST requests. • https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md • CWE-502: Deserialization of Untrusted Data