Spinnaker Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Spinnaker versions prior to 2025.1.6, 2025.2.3, and 2025.3.0. It allows users to fetch data from remote URLs of their choosing, and the fetched data can then be injected into Spinnaker pipelines via Helm or other methods. Such requests could extract sensitive information, like IMDSv1 authentication data from the cloud instance metadata service. The vulnerability also permits calls to internal Spinnaker APIs through GET and similar endpoints. Depending on the artifact involved, the credentials attached to an artifact account might be sent to arbitrary endpoints, such as GitHub, leading to credential leakage.
Impact
Exploitation of this vulnerability could result in unauthorized data access and injection into Spinnaker pipelines, potentially leading to exposure of sensitive authentication information and credentials.
Remediation
Users can upgrade to Spinnaker versions 2025.1.6, 2025.2.3, or 2025.3.0 to address this vulnerability. As a workaround, HTTP account types that allow user input of URLs can be disabled, although this may not be feasible in many cases. Alternatively, OPA policies can be used to restrict pipeline access to valid URLs.
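As an added example (not Spinnaker's own code nor an OPA policy from the project), the following Python check applies the allowlist idea behind the OPA workaround to a pipeline definition before it is saved; the ALLOWED_HOSTS set and the expectedArtifacts field layout are assumptions.

```python
"""Added example: reject user-supplied artifact URLs that point at the cloud
metadata service, internal addresses, or hosts outside an allowlist."""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist of hosts an artifact URL may point at (assumption).
ALLOWED_HOSTS = {"github.com", "artifacts.example.com"}
# Cloud instance metadata endpoint from which IMDSv1 credentials are readable.
METADATA_HOST = "169.254.169.254"


def url_violation(url):
    """Return None if the URL is acceptable, otherwise a short reason string."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return "missing host"
    if parts.username or parts.password:
        return "credentials in URL"
    # Reject every IP literal: this blocks the metadata service, loopback and
    # private ranges on which internal Spinnaker services listen.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if host == METADATA_HOST:
            return "cloud metadata endpoint"
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            return f"internal address {host}"
        return "IP literal not allowed"
    if host not in ALLOWED_HOSTS:
        return f"host {host!r} not in allowlist"
    return None


def pipeline_url_violations(pipeline):
    """Walk artifact references in a pipeline dict (field names assumed from
    Spinnaker's expectedArtifacts layout) and collect (url, reason) pairs."""
    findings = []
    for art in pipeline.get("expectedArtifacts", []):
        for key in ("matchArtifact", "defaultArtifact"):
            ref = art.get(key, {}).get("reference")
            if ref and (reason := url_violation(ref)):
                findings.append((ref, reason))
    return findings
```

A pre-save hook that rejects any pipeline for which pipeline_url_violations returns a non-empty list gives the same effect as the OPA policy the workaround describes.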