4 matches found
CVE-2023-47112 Authenticated users can view job names and groups they do not have authorization to view in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...
CVE-2023-47112
CVE-2023-47112 affects Rundeck (Open Source and Process Automation). Vulnerable behavior: authenticated users can access two endpoints that reveal job names and groups for any project without proper authorization. Root cause: missing/insufficient authorization checks on specific URLs (e.g., /cont...
CVE-2023-47112 Authenticated users can view job names and groups they do not have authorization to view in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...
CVE-2023-47112 Authenticated users can view job names and groups they do not have authorization to view in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...