osv Google OSV:GHSA-3JMW-C69H-426C
History: Sep 01, 2021 - 6:26 p.m.

Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server

2021-09-01 18:26:48
Google
osv.dev
9
csrf attack
rundeck server
admin access
untrusted code

EPSS

0.001

Percentile

37.0%

Impact

On all Rundeck editions, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code.

Patches

Available in Rundeck 3.4.3 and 3.3.14

Workarounds

Please visit https://rundeck.com/security for information about specific workarounds.

For more information

If you have any questions or comments about this advisory:

To report security issues to Rundeck please use the form at https://rundeck.com/security
