CVE-2020-9298

Опубликовано: 28 авг. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.

Ссылки

https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md
Patch
Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spinnaker:orca:*:*:*:*:*:*:*:*

Версия до 8.7.0 (исключая)

EPSS

Процентиль: 57%

0.00347

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-4fcw-pq4r-f4q7