CVE-2021-39143 (GCVE-0-2021-39143)
Vulnerability from cvelistv5 – Published: 2022-01-04 17:25 – Updated: 2025-04-22 18:34
VLAI?
Summary
Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs.
Severity ?
6.6 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-39143",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:52:32.456963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:34:51.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "spinnaker",
"vendor": "spinnaker",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.26.0, \u003c 1.26.7"
},
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.7"
},
{
"status": "affected",
"version": "\u003c 1.24.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don\u0027t override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-04T17:25:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8"
}
],
"source": {
"advisory": "GHSA-34jx-3vmr-56v8",
"discovery": "UNKNOWN"
},
"title": "Path Traversal in spinnaker",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39143",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in spinnaker"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spinnaker",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.26.0, \u003c 1.26.7"
},
{
"version_value": "\u003e= 1.25.0, \u003c 1.25.7"
},
{
"version_value": "\u003c 1.24.7"
}
]
}
}
]
},
"vendor_name": "spinnaker"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don\u0027t override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8",
"refsource": "CONFIRM",
"url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8"
}
]
},
"source": {
"advisory": "GHSA-34jx-3vmr-56v8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39143",
"datePublished": "2022-01-04T17:25:10.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:34:51.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.24.7\", \"matchCriteriaId\": \"51B41C20-068F-4C5A-9DFC-881BE5647DF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.25.0\", \"versionEndExcluding\": \"1.25.7\", \"matchCriteriaId\": \"35DF5CEB-C2A0-4E6B-A342-7F9D86FF8B98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.26.0\", \"versionEndExcluding\": \"1.26.7\", \"matchCriteriaId\": \"13D2C5A9-95F0-4DB0-9FEE-CA87850872D8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don\u0027t override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs.\"}, {\"lang\": \"es\", \"value\": \"Spinnaker es una plataforma de entrega continua multi-nube de c\\u00f3digo abierto. Se ha detectado una vulnerabilidad de salto de ruta en el uso de archivos TAR por parte de AppEngine para los despliegues. Esto usa una utilidad para extraer archivos localmente para el despliegue sin comprender las rutas en ese despliegue no anulan los archivos del sistema. Esto permitir\\u00eda a un atacante anular archivos en el contenedor, introduciendo POTENCIALMENTE un vector de ataque de tipo MITM mediante la sustituci\\u00f3n de bibliotecas o la inyecci\\u00f3n de archivos wrapper. Se recomienda a usuarios que actualicen lo antes posible. Para los usuarios que no puedan actualizar, deshabiliten los despliegues de Google AppEngine y/o deshabiliten los artefactos que proporcionan TARs\"}]",
"id": "CVE-2021-39143",
"lastModified": "2024-11-21T06:18:41.313",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\", \"baseScore\": 6.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 3.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-01-04T18:15:08.087",
"references": "[{\"url\": \"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-39143\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-01-04T18:15:08.087\",\"lastModified\":\"2024-11-21T06:18:41.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don\u0027t override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs.\"},{\"lang\":\"es\",\"value\":\"Spinnaker es una plataforma de entrega continua multi-nube de c\u00f3digo abierto. Se ha detectado una vulnerabilidad de salto de ruta en el uso de archivos TAR por parte de AppEngine para los despliegues. Esto usa una utilidad para extraer archivos localmente para el despliegue sin comprender las rutas en ese despliegue no anulan los archivos del sistema. Esto permitir\u00eda a un atacante anular archivos en el contenedor, introduciendo POTENCIALMENTE un vector de ataque de tipo MITM mediante la sustituci\u00f3n de bibliotecas o la inyecci\u00f3n de archivos wrapper. Se recomienda a usuarios que actualicen lo antes posible. Para los usuarios que no puedan actualizar, deshabiliten los despliegues de Google AppEngine y/o deshabiliten los artefactos que proporcionan TARs\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.7\",\"matchCriteriaId\":\"51B41C20-068F-4C5A-9DFC-881BE5647DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.7\",\"matchCriteriaId\":\"35DF5CEB-C2A0-4E6B-A342-7F9D86FF8B98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.26.0\",\"versionEndExcluding\":\"1.26.7\",\"matchCriteriaId\":\"13D2C5A9-95F0-4DB0-9FEE-CA87850872D8\"}]}]}],\"references\":[{\"url\":\"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-34jx-3vmr-56v8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…