Description
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
Remediation
References
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md
Related Vulnerabilities
CVE-2023-50249 Vulnerability in npm package @sentry/astro
CVE-2022-35942 Vulnerability in npm package loopback-connector-postgresql
CVE-2019-10773 Vulnerability in maven package org.webjars.npm:yarn
CVE-2021-21633 Vulnerability in maven package org.jenkins-ci.plugins:dependency-track
CVE-2021-43797 Vulnerability in maven package io.netty:netty-codec-http