CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47112 – Authenticated users can view job names and groups they do not have authorization to view in Rundeck
https://notcve.org/view.php?id=CVE-2023-47112
16 Nov 2023 — Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and groups for any project, without the necessary authorization checks. The output of these endpoints only exposes the name of job groups and the jobs contained within the specified project. The output is read-only and... • https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48222 – Authenticated users can view or delete jobs they do not have authorization for in Rundeck
https://notcve.org/view.php?id=CVE-2023-48222
16 Nov 2023 — Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/rundeck/rundeck/security/advisories/GHSA-phmw-jx86-x666 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31044 – Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation
https://notcve.org/view.php?id=CVE-2022-31044
15 Jun 2022 — Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the co... • https://github.com/rundeck/rundeck/security/advisories/GHSA-hprf-rrwq-jm5c • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29186 – Use of Hard-coded Cryptographic Key in rundeck/rundeck, rundeckpro/enterprise
https://notcve.org/view.php?id=CVE-2022-29186
20 May 2022 — Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts would allow access to anyone with the exposed private credentials. This misconfiguration only impacts Rundeck Docker instances of PagerDuty® Process Automation On Prem (formerly Rundeck) version 4.0 and earlier, ... • https://github.com/rundeck/rundeck/commit/16ef7a70b202492f9fbb54d8af4bb8ea0afa10ad • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41112 – Missing Authorization in Rundeck
https://notcve.org/view.php?id=CVE-2021-41112
28 Feb 2022 — Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar defini... • https://github.com/rundeck/rundeck/security/advisories/GHSA-f68p-c9wh-j2q8 • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41111 – Authorization Bypass Through User-Controlled Key in Rundeck
https://notcve.org/view.php?id=CVE-2021-41111
28 Feb 2022 — Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerabili... • https://github.com/rundeck/rundeck/commit/a3bdc06a0731da902593732022a5b9d2b4facec5 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39133 – Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
https://notcve.org/view.php?id=CVE-2021-39133
30 Aug 2021 — Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14. Rundeck es un servicio de automatización de código abierto con una consola web, herramientas de línea de comandos y una WebAPI. Versione... • https://github.com/rundeck/rundeck/commit/67c4eedeaf9509fc0b255aff15977a5229ef13b9 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39132 – YAML deserialization can run untrusted code
https://notcve.org/view.php?id=CVE-2021-39132
30 Aug 2021 — Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An authenticated user can make a POST request, that can cause the server to run untrusted co... • https://github.com/rundeck/rundeck/commit/850d12e21d22833bc148b7f458d7cb5949f829b6 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11009 – IDOR can reveal execution data and logs to unauthorized user in Rundeck
https://notcve.org/view.php?id=CVE-2020-11009
29 Apr 2020 — In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any p... • https://docs.rundeck.com/docs/history/3_2_x/version-3.2.6.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2019-3800 – CF CLI writes the client id and secret to config file
https://notcve.org/view.php?id=CVE-2019-3800
05 Aug 2019 — CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. La CLI de CF anterior a versión v6.45.0 (versión de lanzamiento bosh 1.16.0), escribe el id y el secreto del cliente hacia su archivo de configuración cuando el usuario se autentica con el flag --... • https://pivotal.io/security/cve-2019-3800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •