VYPR

Rundeck

by Rundeck

Source repositories

CVEs (10)

  • CVE-2023-47112Nov 16, 2023
    risk 0.00cvss epss 0.00

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a…

  • CVE-2023-48222Nov 16, 2023
    risk 0.00cvss epss 0.00

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow…

  • CVE-2022-31044Jun 15, 2022
    risk 0.00cvss epss 0.01

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any…

  • CVE-2022-29186May 20, 2022
    risk 0.00cvss epss 0.01

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on…

  • CVE-2021-41112Feb 28, 2022
    risk 0.00cvss epss 0.01

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing…

  • CVE-2021-41111Feb 28, 2022
    risk 0.00cvss epss 0.01

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another…

  • CVE-2021-39133Aug 30, 2021
    risk 0.00cvss epss 0.00

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run…

  • CVE-2021-39132Aug 30, 2021
    risk 0.00cvss epss 0.01

    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted…

  • CVE-2020-11009Apr 29, 2020
    risk 0.00cvss epss 0.01

    In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high…

  • CVE-2019-6804Jan 25, 2019
    risk 0.00cvss epss 0.05

    An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.