Maven package
org.rundeck/rundeck-core
pkg:maven/org.rundeck/rundeck-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-39133 | — | >= 3.4.0, < 3.4.3 | 3.4.3 | Aug 30, 2021 | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untr | ||
| CVE-2021-39132 | — | >= 3.4.0, < 3.4.3 | 3.4.3 | Aug 30, 2021 | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted proj |
- CVE-2021-39133Aug 30, 2021affected >= 3.4.0, < 3.4.3fixed 3.4.3
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untr
- CVE-2021-39132Aug 30, 2021affected >= 3.4.0, < 3.4.3fixed 3.4.3
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted proj