CVE-2021-39143

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs.

CVSS v3 7.1 HIGH
CVSS v2.0 3.6 LOW

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:linuxfoundation:spinnaker::::::::
	cpe:2.3:a:linuxfoundation:spinnaker::::::::
	cpe:2.3:a:linuxfoundation:spinnaker::::::::

History

18 Jan 2022, 14:45

Type	Values Removed	Values Added
CWE		CWE-22
CPE		cpe:2.3:a:linuxfoundation:spinnaker::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 3.6 v3 : 7.1
First Time		Linuxfoundation spinnaker Linuxfoundation
References	~~(CONFIRM) https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8 -~~	(CONFIRM) https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8 - Exploit, Technical Description, Third Party Advisory

04 Jan 2022, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-01-04 18:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-39143

Mitre link : CVE-2021-39143

CVE.ORG link : CVE-2021-39143

JSON object : View

Products Affected

linuxfoundation

spinnaker

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2021-39143", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.8}]}, "published": "2022-01-04T18:15:08.087", "references": [{"url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs."}, {"lang": "es", "value": "Spinnaker es una plataforma de entrega continua multi-nube de c\u00f3digo abierto. Se ha detectado una vulnerabilidad de salto de ruta en el uso de archivos TAR por parte de AppEngine para los despliegues. Esto usa una utilidad para extraer archivos localmente para el despliegue sin comprender las rutas en ese despliegue no anulan los archivos del sistema. Esto permitir\u00eda a un atacante anular archivos en el contenedor, introduciendo POTENCIALMENTE un vector de ataque de tipo MITM mediante la sustituci\u00f3n de bibliotecas o la inyecci\u00f3n de archivos wrapper. Se recomienda a usuarios que actualicen lo antes posible. Para los usuarios que no puedan actualizar, deshabiliten los despliegues de Google AppEngine y/o deshabiliten los artefactos que proporcionan TARs"}], "lastModified": "2022-01-18T14:45:24.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51B41C20-068F-4C5A-9DFC-881BE5647DF7", "versionEndExcluding": "1.24.7"}, {"criteria": "cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35DF5CEB-C2A0-4E6B-A342-7F9D86FF8B98", "versionEndExcluding": "1.25.7", "versionStartIncluding": "1.25.0"}, {"criteria": "cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13D2C5A9-95F0-4DB0-9FEE-CA87850872D8", "versionEndExcluding": "1.26.7", "versionStartIncluding": "1.26.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}