Description
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
Remediation
References
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md
Related Vulnerabilities
CVE-2023-26488 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2021-21179 Vulnerability in npm package electron
CVE-2021-35513 Vulnerability in maven package org.webjars.bower:mermaid
CVE-2023-29522 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui
CVE-2023-44270 Vulnerability in maven package org.webjars.npm:postcss