Server-Side Request Forgery Vulnerability in Spinnaker by Netflix
CVE-2020-9298

7.5HIGH

Key Information:

Vendor: Spinnaker
Status: Netflix Orca Spinnaker
Vendor: CVE Published:; 28 August 2020

What is CVE-2020-9298?

The Spinnaker template resolution functionality is susceptible to Server-Side Request Forgery (SSRF), enabling an attacker to send forged requests on behalf of the Spinnaker platform. This vulnerability can result in the unauthorized exposure of sensitive data, as the attacker may exploit the application to access internal resources that are not otherwise reachable, potentially leading to significant security risks.

Affected Version(s)

Netflix Orca Spinnaker All versions prior to version v8.7.0

References

https://github.com/Netflix/security-bulletins/blob/master...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2020
Vulnerability Reserved
Feb 19, 2020

CVE-2020-9298 Data

JSON