Advisory ID:

NFLX-2020-003

Advisory Title:

Authenticated Server-Side Request Forgery in Spinnaker

Credit:

Venkat from armory.io

Author:

Dan Kohlbrenner / dkohlbrenner@netflix.com

Release Date:

05/29/2020

Application:

Spinnaker (specifically Orca)

Release:

orca < v8.7.0

Source:

https://github.com/spinnaker/orca

Severity:

Critical

Overview:

Venkat discovered that the Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery on the /pipelineTemplate endpoint. It is recommended that users update to the v8.7.0 release.

Patch:

orca < v8.7.0 https://github.com/spinnaker/orca/releases/tag/v8.7.0