nflx-2020-003.md

Advisory ID:

NFLX-2020-003

Advisory Title:

Authenticated Server-Side Request Forgery in Spinnaker

Credit:

Venkat from armory.io

Author:

Dan Kohlbrenner / [email protected]

Release Date:

05/29/2020

Application:

Spinnaker (specifically Orca)

Release:

orca < v8.7.0

Source:

https://github.com/spinnaker/orca

Severity:

Critical

Overview:

Venkat discovered that the Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery on the /pipelineTemplate endpoint. It is recommended that users update to the v8.7.0 release.

Patch:

orca < v8.7.0 https://github.com/spinnaker/orca/releases/tag/v8.7.0