
Pagerduty Rundeck vulnerabilities

10 known vulnerabilities affecting pagerduty/rundeck.

Total CVEs: 10
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 6

Vulnerabilities

CVE-2019-6804 (MEDIUM, CVSS 6.1, priority P3, CWE-79; public PoC; fixed in 3.0.13; published 2019-01-25)
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
Source: nvd

CVE-2022-29186 (CRITICAL, CVSS 9.8, priority P3, CWE-321; fixed in 4.1.0; published 2022-05-20)
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote hosts, those hosts would allow access to anyone with the exposed pri
Source: nvd

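The check a practitioner wants for this entry, added here as an editor's example and not taken from cvebase or from Rundeck's own tooling: the exposure only materializes on hosts whose authorized_keys carries the public half of the image's key pair, and a copied key usually has its comment field rewritten and options such as `command=` or `no-pty` prepended, so match on the key's SHA256 fingerprint (the value `ssh-keygen -lf -E sha256` prints, computed over the base64 key blob alone) rather than on the text of the line. The keys below are constructed placeholders, not the real image key; in practice extract id_rsa.pub from the exact image tag you deployed (the advisory is assumed here, not verified against this page, to place it under the rundeck user's ~/.ssh) and feed its fingerprint to find_leaked_keys.

```python
import base64
import hashlib
import struct

# OpenSSH public-key types we know how to locate inside an authorized_keys line.
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


def make_pubkey_line(key_type: str, raw: bytes, comment: str) -> str:
    """Build a syntactically valid OpenSSH public-key line from raw key bytes.

    Used only to construct sample data for this example; the 32-byte values
    passed in below are placeholders, not real keys.
    """
    blob = b"".join(struct.pack(">I", len(part)) + part
                    for part in (key_type.encode(), raw))
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of one key line, formatted like ssh-keygen -lf -E sha256.

    Only the base64 key blob is hashed, so the comment field and any leading
    options (from=..., command=..., no-pty) do not change the result.
    Options whose quoted value contains a space are not handled by split().
    """
    fields = pubkey_line.split()
    idx = next(i for i, f in enumerate(fields) if f in KEY_TYPES)
    blob = base64.b64decode(fields[idx + 1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_leaked_keys(authorized_keys: str, leaked: set) -> list:
    """Return (line number, fingerprint) for every key whose fingerprint is in
    `leaked`. Blank, comment and unparseable lines are skipped, not fatal."""
    hits = []
    for lineno, line in enumerate(authorized_keys.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fp = fingerprint(line)
        except (StopIteration, IndexError, ValueError):
            continue
        if fp in leaked:
            hits.append((lineno, fp))
    return hits


# Constructed sample data. IMAGE_KEY stands in for the id_rsa.pub shipped in the
# affected image; in real use, replace it with the key extracted from the image.
IMAGE_KEY = make_pubkey_line("ssh-ed25519", bytes(range(32)), "rundeck@container")
LEAKED_FINGERPRINTS = {fingerprint(IMAGE_KEY)}

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys for the example",
    make_pubkey_line("ssh-ed25519", bytes([7] * 32), "ops@bastion"),
    # the image key, copied over with a new comment and restrictive options:
    # same key blob, so same fingerprint, so still a hit
    'no-pty,command="/usr/local/bin/deploy" '
    + IMAGE_KEY.replace("rundeck@container", "deploy@node1"),
    "",
    make_pubkey_line("ssh-ed25519", bytes([9] * 32), "backup@node1"),
])


def scan_sample() -> list:
    return find_leaked_keys(SAMPLE_AUTHORIZED_KEYS, LEAKED_FINGERPRINTS)


if __name__ == "__main__":
    for lineno, fp in scan_sample():
        print(f"authorized_keys line {lineno}: {fp} matches a key shipped in the image")
```

Run it against each host's /root/.ssh/authorized_keys and the authorized_keys of whichever user Rundeck connects as; a hit means that host trusted a key whose private half anyone with the image can read, and the fix is to remove the line and regenerate the Rundeck key pair rather than only upgrading.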
CVE-2021-39132 (HIGH, CVSS 8.8, priority P3, CWE-502; fixed in 3.3.14; also affects ≥ 3.4.0, < 3.4.3, fixed in 3.4.3; published 2021-08-30)
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server
Source: nvd

CVE-2022-31044 (HIGH, CVSS 7.5, priority P3, CWE-256; affects v4.2.0 and v4.2.1; published 2022-06-15)
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might resul
Source: nvd

CVE-2021-41112 (HIGH, CVSS 8.1, priority P3, CWE-862; fixed in 3.4.5; published 2022-02-28)
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desire
Source: nvd

CVE-2020-11009 (MEDIUM, CVSS 6.5, priority P3, CWE-200; fixed in 3.2.6; published 2020-04-29)
In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all use
Source: nvd

CVE-2021-39133 (MEDIUM, CVSS 6.8, priority P4, CWE-352; fixed in 3.3.14; also affects ≥ 3.4.0, < 3.4.3, fixed in 3.4.3; published 2021-08-30)
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck ve
Source: nvd

CVE-2023-48222 (MEDIUM, CVSS 5.4, priority P4, CWE-862; affects ≥ 4.12.0, < 4.17.3; published 2023-11-16)
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks.
Source: nvd

CVE-2021-41111 (MEDIUM, CVSS 5.4, priority P4, CWE-639; fixed in 3.3.15; also affects ≥ 3.4.0, < 3.4.5, fixed in 3.4.5; published 2022-02-28)
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webho
Source: nvd

CVE-2023-47112 (MEDIUM, CVSS 4.3, priority P4, CWE-862; affects ≥ 4.17.0, < 4.17.3; published 2023-11-16)
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and groups for any project, without the necessary authori
Source: nvd

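As a worked check across the whole list, added here by the editor and not part of cvebase's page: the affected ranges above, transcribed into a small matcher that reports which of these ten CVEs apply to a deployed Rundeck version. Versions are compared as integer tuples, because comparing version strings lexicographically orders 4.12.0 before 4.2.0 and so gets the 4.12.x ranges on this page wrong. Assumptions: Rundeck versions are major.minor.patch with an optional -date suffix (for example 4.2.1-20220523), the "v4.2.0 v4.2.1" column for CVE-2022-31044 means exactly those two releases, and a CVE-2022-29186 hit only matters for docker-image deployments, as that entry says.

```python
import re

# Affected-version ranges transcribed from the entries above. Each range is
# (lowest affected version inclusive, first fixed version exclusive); a lower
# bound of None means "every earlier release".
AFFECTED = {
    "CVE-2019-6804":  [(None, "3.0.13")],
    "CVE-2022-29186": [(None, "4.1.0")],     # docker images only
    "CVE-2021-39132": [(None, "3.3.14"), ("3.4.0", "3.4.3")],
    "CVE-2022-31044": [("4.2.0", "4.2.2")],  # exactly 4.2.0 and 4.2.1 (assumed)
    "CVE-2021-41112": [(None, "3.4.5")],
    "CVE-2020-11009": [(None, "3.2.6")],
    "CVE-2021-39133": [(None, "3.3.14"), ("3.4.0", "3.4.3")],
    "CVE-2023-48222": [("4.12.0", "4.17.3")],
    "CVE-2021-41111": [(None, "3.3.15"), ("3.4.0", "3.4.5")],
    "CVE-2023-47112": [("4.17.0", "4.17.3")],
}

# major.minor.patch, optional leading "v", optional "-..." or "+..." suffix
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text: str) -> tuple:
    """'4.2.1-20220523' -> (4, 2, 1). Raises ValueError on anything else, so a
    malformed version string is never silently treated as "not affected"."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return tuple(int(g) for g in m.groups())


def in_range(version: tuple, lo, hi) -> bool:
    """lo is inclusive (or None for unbounded), hi is exclusive."""
    if lo is not None and version < parse_version(lo):
        return False
    return version < parse_version(hi)


def affected_cves(version_text: str) -> list:
    """CVE IDs from the table above whose ranges contain the given version,
    in the table's order."""
    v = parse_version(version_text)
    return [cve for cve, ranges in AFFECTED.items()
            if any(in_range(v, lo, hi) for lo, hi in ranges)]


if __name__ == "__main__":
    for v in ("3.4.2", "4.2.1-20220523", "4.17.0", "4.17.3"):
        print(v, affected_cves(v) or "none of the ten")
```

The table is only as good as the ranges on this page; treat a "none of the ten" result as "none of the ten listed here", and re-check the NVD entries when the page's CVE count changes.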