Description
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
Remediation
References
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md
Related Vulnerabilities
CVE-2022-4244 Vulnerability in maven package org.codehaus.plexus:plexus-utils
CVE-2023-27563 Vulnerability in npm package n8n
CVE-2022-41928 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui
CVE-2021-32640 Vulnerability in npm package ws
CVE-2022-23532 Vulnerability in maven package org.neo4j.procedure:apoc