CVE-2023-39348
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-39348 impacts the open-source Spinnaker continuous delivery platform, which is used for multi-cloud deployments. Because of this vulnerability, the log output produced when updating GitHub status is set to FULL mode without user intervention. The impact is elevated because the verbose log output can expose the GitHub token, which could result in unauthorized access to uncontrolled repositories. Those using read-restricted tokens are particularly vulnerable. Users are urged to apply the patch and rotate GitHub tokens. For those unable to upgrade, disabling GitHub Status Notifications and filtering logs for Echo log data, along with using read-only tokens, is recommended as a temporary mitigation.
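The temporary mitigation above relies on filtering Echo log data so that a token written at FULL verbosity does not sit in plain text in the log store. The following is an added example of such a filter, not code from Spinnaker or from the Echo project: it redacts token-bearing lines and reports which line numbers contained a secret, so an operator knows whether the token must be rotated. The sample log lines, the logger name `GithubStatusUpdater`, and the assumption that the verbose client logs an `Authorization:` header are all constructed for illustration; the `ghp_`/`github_pat_` token shapes are the GitHub personal-access-token prefixes as understood at the time of writing.

```python
import re

# Constructed sample log (NOT real Spinnaker Echo output; the format and the
# logger name are assumptions for this example). Both tokens are fake.
SAMPLE_LOG = """\
2023-08-01 12:00:00 INFO  GithubStatusUpdater - ---> POST https://api.github.com/repos/org/repo/statuses/abc123
2023-08-01 12:00:00 INFO  GithubStatusUpdater - Authorization: token ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
2023-08-01 12:00:00 INFO  GithubStatusUpdater - Content-Type: application/json
2023-08-01 12:00:01 INFO  GithubStatusUpdater - <--- HTTP 201 Created
2023-08-01 12:00:02 DEBUG GithubStatusUpdater - response body {"token":"ghp_zyxwvutsrqponmlkjihgfedcba9876543210"}
2023-08-01 12:00:03 INFO  Other - user logged in
"""

# Header form: keep the header name and scheme, drop the credential value.
AUTH_HEADER = re.compile(r"(?i)(authorization:\s*(?:token|bearer)\s+)(\S+)")

# Bare token forms (assumed GitHub token shapes): classic tokens are a
# two-letter prefix plus 36 alphanumerics; fine-grained tokens start with
# github_pat_ and are considerably longer.
CLASSIC_TOKEN = re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")
FINE_GRAINED_TOKEN = re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}\b")

REDACTED = "[REDACTED]"


def redact_line(line: str) -> tuple[str, int]:
    """Return the line with credentials masked and the number of findings."""
    findings = 0

    def mask_header(match: re.Match) -> str:
        nonlocal findings
        findings += 1
        return match.group(1) + REDACTED

    def mask_token(match: re.Match) -> str:
        nonlocal findings
        findings += 1
        return REDACTED

    # Headers first, so a token inside an Authorization header is counted once.
    line = AUTH_HEADER.sub(mask_header, line)
    for pattern in (CLASSIC_TOKEN, FINE_GRAINED_TOKEN):
        line = pattern.sub(mask_token, line)
    return line, findings


def scan_log(text: str) -> tuple[str, list[int]]:
    """Redact a whole log and list the 1-based line numbers that held a secret.

    A non-empty list means the token was exposed and should be rotated.
    """
    redacted_lines = []
    exposed_at = []
    for number, line in enumerate(text.splitlines(), start=1):
        clean, findings = redact_line(line)
        redacted_lines.append(clean)
        if findings:
            exposed_at.append(number)
    return "\n".join(redacted_lines), exposed_at


if __name__ == "__main__":
    clean_log, exposed = scan_log(SAMPLE_LOG)
    print(clean_log)
    print("token exposure on lines:", exposed)  # [2, 5] for the sample above
```

Run it over the real Echo log files with the redacted output going to the retained log store; the returned line numbers are the audit trail that tells you a rotation is required rather than optional.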
Affected Products
- Linuxfoundation Spinnaker
Affected Vendors
- Linux Foundation