Skip to main content

Rundeck

15 CVEs product

Monthly

CVE-2023-48222 Maven MEDIUM PATCH This Month

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rundeck
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47112 Maven MEDIUM PATCH This Month

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rundeck
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41234 Maven HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41233 Maven MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-31044 Maven HIGH PATCH This Week

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rundeck
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29186 CRITICAL PATCH Act Now

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Docker Rundeck
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30956 Maven MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Rundeck
NVD
CVSS 3.1
5.4
EPSS
71.9%
CVE-2021-39133 Maven MEDIUM PATCH This Month

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Rundeck
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-39132 Maven HIGH PATCH This Week

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization File Upload Rundeck
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-11009 Maven MEDIUM PATCH This Month

In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rundeck
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-2144 Maven HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rundeck
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2019-16556 Maven MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Rundeck
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10455 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10454 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-6804 Maven MEDIUM POC PATCH This Month

An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rundeck
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
5.3%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rundeck
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rundeck
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rundeck
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Docker +1
NVD GitHub
EPSS 72% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Rundeck
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Rundeck
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization File Upload Rundeck
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rundeck
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rundeck
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Rundeck
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Rundeck
NVD
EPSS 5% CVSS 6.1
MEDIUM POC PATCH This Month

An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rundeck
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy