
12 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-0365

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.01373
Exploits: 0 · References: 5

RedhatCVE
added 2025/05/22 4:8 p.m. · 6 views

CVE-2020-11009

In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very...

CVSS 6.5 · AI score 6.7 · EPSS 0.01373
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/06 3:59 a.m. · 5 views

CVE-2021-39132

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

CVSS 8.8 · AI score 7 · EPSS 0.0138
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/06 3:53 a.m. · 21 views

CVE-2021-39133

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all...

CVSS 7.2 · AI score 6.9 · EPSS 0.00439
Exploits: 0 · References: 1

OSV
added 2023/11/16 10:1 p.m. · 14 views

CVE-2023-47112 Authenticated users can view job names and groups they do not have authorization to view in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...

CVSS 4.3 · AI score 4.6 · EPSS 0.00481
Exploits: 0 · References: 3

OSV
added 2023/11/16 9:59 p.m. · 11 views

CVE-2023-48222 Authenticated users can view or delete jobs they do not have authorization for in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or...

CVSS 8.1 · AI score 6 · EPSS 0.00449
Exploits: 0 · References: 3

Positive Technologies
added 2023/11/16 12:0 a.m. · 5 views

PT-2023-30739 · Rundeck · Rundeck

Name of the Vulnerable Software and Affected Versions: Rundeck versions 4.12.0 through 4.16.0 Description: The issue allows authenticated users to access certain URL paths without necessary authorization checks, potentially enabling them to view or delete jobs. The affected URLs are:...

CVSS 8.1 · AI score 6 · EPSS 0.00449
Exploits: 0 · References: 6

Vulnrichment
added 2022/06/15 7:0 p.m. · 4 views

CVE-2022-31044 Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created...

CVSS 7.5 · AI score 7.7 · EPSS 0.0063
Exploits: 0 · References: 1

Vulnrichment
added 2022/02/28 7:15 p.m. · 5 views

CVE-2021-41112 Missing Authorization in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...

CVSS 8.1 · AI score 8.2 · EPSS 0.00719
Exploits: 0 · References: 1

Vulnrichment
added 2022/02/28 7:15 p.m. · 5 views

CVE-2021-41111 Authorization Bypass Through User-Controlled Key in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user...

CVSS 6.4 · AI score 6.3 · EPSS 0.00533
Exploits: 0 · References: 2

CNNVD
added 2022/02/28 12:0 a.m. · 3 views

Rundeck security vulnerability

Rundeck is an open source automation service with a web console, command line tools, and WebAPI from Rundeck Inc. in the United States, which is primarily used to run automation tasks. A security vulnerability exists in Rundeck versions prior to 3.4.5 and 3.3.15, which stems from the fact that an...

CVSS 6.4 · AI score 5.8 · EPSS 0.00533
Exploits: 0 · References: 5

Veracode
added 2020/04/30 6:58 a.m. · 19 views

Insecure Direct Object Reference

Rundeck is vulnerable to insecure direct object reference. Due to lack of checking appropriate authorization level for API requests, a user can send a malicious API request to perform an unauthorized disclosure of execution data, logs and Job details at various threat level depending on the usage...

CVSS 6.5 · AI score 2.1 · EPSS 0.01373
Exploits: 0 · References: 4 · Affected Software: 1