
CVSS: 6.4 | EPSS: 0% | CPEs: 2 | EXPL: 0

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger those webhooks. Severity depends on the trust level of authenticated users and on whether any webhooks exist that trigger sensitive actions. Patches for this vulnerability are in versions 3.4.5 and 3.3.15. • https://github.com/rundeck/rundeck/commit/a3bdc06a0731da902593732022a5b9d2b4facec5 https://github.com/rundeck/rundeck/security/advisories/GHSA-mfqj-f22m-gv8j • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.2 | EPSS: 0% | CPEs: 2 | EXPL: 0

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14. • https://github.com/rundeck/rundeck/commit/67c4eedeaf9509fc0b255aff15977a5229ef13b9 https://github.com/rundeck/rundeck/security/advisories/GHSA-3jmw-c69h-426c • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy YAML file, or upload an untrusted project archive with a crafted aclpolicy YAML file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An authenticated user can make a POST request that can cause the server to run untrusted code on Rundeck Enterprise Edition. The zip-format plugin issue requires authentication and authorization at the following access level, and affects all Rundeck editions: `admin` level access to the `system` resource type. The ACL policy YAML file upload issue requires authentication and authorization at the following access levels, and affects all Rundeck editions: `create`, `update` or `admin` level access to a `project_acl` resource, and/or `create`, `update` or `admin` level access to the `system_acl` resource. • https://github.com/rundeck/rundeck/commit/850d12e21d22833bc148b7f458d7cb5949f829b6 https://github.com/rundeck/rundeck/security/advisories/GHSA-q4rf-3fhx-88pf • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • http://www.openwall.com/lists/oss-security/2020/03/09/1 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1702 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master, where they can be viewed by users with Extended Read permission or with access to the master file system. • http://www.openwall.com/lists/oss-security/2019/12/17/1 https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1636 • CWE-522: Insufficiently Protected Credentials •