CVE-2025-61916
📋 TL;DR
Spinnaker versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery (SSRF) that allows attackers to fetch data from remote URLs and inject it into pipelines. This can lead to credential exposure from internal APIs, cloud metadata services, and authentication headers. Organizations using vulnerable Spinnaker installations with HTTP artifact providers or similar user-input-enabled artifacts are affected.
💻 Affected Systems
- Spinnaker
📦 What is this software?
Spinnaker by the Linux Foundation
⚠️ Risk & Real-World Impact
Worst Case
Attackers extract sensitive credentials (AWS metadata, GitHub auth headers, internal API tokens) and use them to compromise cloud infrastructure, source code repositories, and internal systems.
Likely Case
Unauthorized data exfiltration from internal APIs and cloud metadata services, potentially exposing authentication credentials and configuration data.
If Mitigated
Limited impact with proper network segmentation and URL restrictions, though some internal data exposure may still occur.
🎯 Exploit Status
Exploitation requires user access to create/modify pipelines and knowledge of internal endpoints. The vulnerability is well-documented in the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.1.6, 2025.2.3, or 2025.3.0
Vendor Advisory: https://github.com/spinnaker/spinnaker/security/advisories/GHSA-vrjc-q2fh-6x9h
Restart Required: Yes
Instructions:
1. Identify your Spinnaker version.
2. Upgrade to 2025.1.6, 2025.2.3, or 2025.3.0 based on your current version track.
3. Restart Spinnaker services.
4. Verify the fix by testing artifact URL restrictions.
🔧 Temporary Workarounds
Disable HTTP artifact providers
Disable HTTP account types that allow user input of arbitrary URLs
# Edit Spinnaker configuration to disable HTTP artifact providers
# Set `artifacts.http.enabled: false` in your configuration
Implement OPA policies
Use Open Policy Agent (OPA) policies to block pipelines from fetching, or being saved with, disallowed URLs
# Configure OPA policies to validate and restrict artifact URLs
# Example policy would reject URLs pointing to internal endpoints
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Spinnaker from internal APIs and metadata services
- Use allow-listing for artifact URLs and disable all user-input-enabled artifact providers
🔍 How to Verify
Check if Vulnerable:
Check the Spinnaker version and whether HTTP artifact providers (or other artifact types that accept user-supplied URLs) are enabled
Check Version:
Run `hal version list`, or inspect the Spinnaker deployment manifests
Verify Fix Applied:
After patching, a test artifact fetch that points at an internal URL should be rejected by the artifact provider
📡 Detection & Monitoring
Log Indicators:
- Unusual artifact fetch patterns
- Requests to internal endpoints (169.254.169.254, localhost, internal APIs)
- Pipeline failures due to URL fetch errors
Network Indicators:
- Outbound connections from Spinnaker to internal metadata services
- Unusual traffic patterns to cloud provider metadata endpoints
SIEM Query:
source="spinnaker" AND (url="*169.254.169.254*" OR url="*metadata*" OR url="*localhost*")
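As an added example that is not part of this page or of Spinnaker's own code, the Python below implements the two controls described above: a deny-by-default allow-list check for artifact URLs (the kind of rule an OPA policy or a wrapper around an HTTP artifact account would enforce) and a scan of artifact-fetch log lines that applies the SIEM query's patterns and additionally flags literal loopback, link-local and private addresses, which a plain substring query misses. The allow-list hosts, the key="value" log format and the sample log lines are constructed assumptions, not Spinnaker output.

```python
"""Added example (not Spinnaker's own code): allow-list validation of
artifact URLs and a scan of constructed artifact-fetch log lines."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed allow-list of artifact hosts; replace with your own.
ALLOWED_HOSTS = {"artifacts.example.com", "github.com"}
# Hostnames that a pipeline should never be allowed to fetch from.
BLOCKED_NAMES = {"localhost", "metadata", "metadata.google.internal"}


def host_is_internal(host):
    """True if host is a literal loopback, link-local (cloud metadata),
    private or otherwise non-routable address, or a well-known internal name."""
    h = host.lower().rstrip(".")
    if h in BLOCKED_NAMES or h.endswith((".internal", ".local", ".localhost")):
        return True
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        return False  # not a literal IP; the allow-list decides below
    return (ip.is_loopback or ip.is_link_local or ip.is_private
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_artifact_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return (accepted, reason). Deny by default: only https to an
    allow-listed host, with no embedded credentials, is accepted."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    if host_is_internal(parts.hostname):
        return False, f"{parts.hostname} is internal/metadata address space"
    if parts.hostname not in allowed_hosts:
        return False, f"{parts.hostname} not in allow-list"
    return True, "ok"


# Substrings from the SIEM query above, applied to the url field.
SIEM_PATTERNS = ("169.254.169.254", "metadata", "localhost")
LOG_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_log_line(line):
    """Parse a key="value" log line into a dict (constructed format)."""
    return dict(LOG_RE.findall(line))


def scan_artifact_log(lines):
    """Return spinnaker-sourced events the SIEM query would match, plus events
    whose URL host is internal by address class (missed by the substring query)."""
    hits = []
    for line in lines:
        ev = parse_log_line(line)
        if ev.get("source") != "spinnaker" or "url" not in ev:
            continue
        url = ev["url"]
        host = urlsplit(url).hostname or ""
        if any(p in url for p in SIEM_PATTERNS) or host_is_internal(host):
            hits.append(ev)
    return hits


# Constructed sample log lines (not real Spinnaker output).
SAMPLE_LOG = [
    'source="spinnaker" pipeline="deploy-web" user="alice" url="https://artifacts.example.com/web-1.2.tgz"',
    'source="spinnaker" pipeline="deploy-web" user="bob" url="http://169.254.169.254/latest/meta-data/"',
    'source="spinnaker" pipeline="test" user="bob" url="http://127.0.0.1/internal/"',
    'source="nginx" pipeline="" user="" url="http://localhost/health"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        url = parse_log_line(line).get("url", "")
        print(validate_artifact_url(url), url)
    for ev in scan_artifact_log(SAMPLE_LOG):
        print("ALERT", ev["user"], ev["pipeline"], ev["url"])
```

The validator inspects the literal host written in the URL and does not resolve DNS, so a production control should also resolve the name and re-check the resulting addresses at connection time; disabling artifact accounts that accept user-supplied URLs, as recommended above, remains the stronger control.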