OSV:CVE-2021-39133 (osv, Google)
Aug 30, 2021 - 8:15 p.m.

CVE-2021-39133

2021-08-30 20:15:07
Google
osv.dev
Tags: rundeck, csrf, vulnerability, admin access, web console, command line tools, webapi, patches, untrusted code

EPSS: 0.001
Percentile: 37.0%

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14.
