Description
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker, potentially leading to sensitive data disclosure.
Remediation
References
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-003.md
Related Vulnerabilities
CVE-2020-14966 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign
CVE-2021-23353 Vulnerability in maven package org.webjars.bowergithub.mrrio:jspdf
CVE-2022-31112 Vulnerability in npm package parse-server
CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs
CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore