3 matches found
CVE-2021-41111 Authorization Bypass Through User-Controlled Key in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user...
CVE-2021-41111
Vulnerability: In Rundeck, prior to versions 3.4.5 and 3.3.15, an authenticated user with permission to read webhooks in one project can craft a request to reveal webhook definitions and tokens in another project, enabling potential triggering of webhooks. Affected: Rundeck web UI/API from the ci...
CVE-2021-41111 Authorization Bypass Through User-Controlled Key in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user...