SPIRE
v1.14.2Security2026年3月4日
SPIRE v1.14.2 addresses two critical security vulnerabilities in server node attestor plugins that could enable SSRF attacks and CPU exhaustion.
securityUpgrade immediately to patch critical vulnerabilities
Two security issues affect SPIRE servers using http_challenge or x509pop attestors. The SSRF vulnerability lets attackers redirect servers to unauthorized domains and extract response data. The x509pop DoS vulnerability allows CPU exhaustion attacks. Update to v1.14.2 immediately if you use either attestor plugin.
主な変更 (3)
- Fixed SSRF vulnerability in http_challenge server node attestor plugin
- Resolved CPU exhaustion issue in x509pop server node attestor plugin
- Both vulnerabilities could be exploited by attackers during node attestation