What is CVE-2021-39143?

CVE-2021-39143 is a path traversal vulnerability in Spinnaker, an open source multi-cloud continuous delivery platform.

What is the severity of CVE-2021-39143?

The severity of CVE-2021-39143 is high, with a CVSS score of 7.1.

How does CVE-2021-39143 affect Spinnaker?

CVE-2021-39143 affects Spinnaker versions 1.24.7 to 1.26.7, allowing path traversal attacks in TAR file deployments.

How can I mitigate the CVE-2021-39143 vulnerability in Spinnaker?

To mitigate the CVE-2021-39143 vulnerability in Spinnaker, update to a version higher than 1.26.7.

Where can I find more information about CVE-2021-39143?

You can find more information about CVE-2021-39143 in the Spinnaker security advisories at https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8.

Vulnerability/
CVE-2021-39143

high

7.1

CWE

4/1/2022

4/8/2024

CVE-2021-39143: Path Traversal in spinnaker

First published: Tue Jan 04 2022(Updated: )

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Linuxfoundation Spinnaker	<1.24.7
Linuxfoundation Spinnaker	>=1.25.0<1.25.7
Linuxfoundation Spinnaker	>=1.26.0<1.26.7

Never miss a vulnerability like this again

Reference Links

https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8

Frequently Asked Questions

What is CVE-2021-39143?
CVE-2021-39143 is a path traversal vulnerability in Spinnaker, an open source multi-cloud continuous delivery platform.
What is the severity of CVE-2021-39143?
The severity of CVE-2021-39143 is high, with a CVSS score of 7.1.
How does CVE-2021-39143 affect Spinnaker?
CVE-2021-39143 affects Spinnaker versions 1.24.7 to 1.26.7, allowing path traversal attacks in TAR file deployments.
How can I mitigate the CVE-2021-39143 vulnerability in Spinnaker?
To mitigate the CVE-2021-39143 vulnerability in Spinnaker, update to a version higher than 1.26.7.
Where can I find more information about CVE-2021-39143?
You can find more information about CVE-2021-39143 in the Spinnaker security advisories at https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/last-modified-date
agent/author
agent/references
agent/weakness
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/linuxfoundation
canonical/linuxfoundation spinnaker
version/linuxfoundation spinnaker/1.25.0
version/linuxfoundation spinnaker/1.26.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.