pkg:maven/org.rundeck/rundeck
Type
maven
Namespace
org.rundeck
Name
rundeck
Known advisories, vulnerabilities and fixes for org.rundeck/rundeck package.
High
2
Moderate
2
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 3.0.13 |
CVE-2019-6804
|
MAVEN:GHSA-4262-WR7P-GPCJ | Rundeck Community Edition vulnerable to Cross-site Scripting | moderate |
2022-05-13T01:06:55
(2 years ago) |
|
Fixed | = 3.0.13 |
CVE-2019-6804
|
MAVEN:GHSA-4262-WR7P-GPCJ | Rundeck Community Edition vulnerable to Cross-site Scripting | moderate |
2022-05-13T01:06:55
(2 years ago) |
|
Affected | < 3.2.6 |
CVE-2020-11009
|
MAVEN:GHSA-5679-7QRC-5M7J | IDOR can reveal execution data and logs to unauthorized user in Rundeck | moderate |
2020-04-29T16:31:12
(4 years ago) |
|
Fixed | = 3.2.6 |
CVE-2020-11009
|
MAVEN:GHSA-5679-7QRC-5M7J | IDOR can reveal execution data and logs to unauthorized user in Rundeck | moderate |
2020-04-29T16:31:12
(4 years ago) |
|
Affected | >= 4.3.0, < 4.3.1 >= 4.2.0, < 4.2.2 |
CVE-2022-31044
|
MAVEN:GHSA-HPRF-RRWQ-JM5C | Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0 | high |
2022-06-17T20:51:48
(2 years ago) |
|
Fixed | = 4.3.1 = 4.2.2 |
CVE-2022-31044
|
MAVEN:GHSA-HPRF-RRWQ-JM5C | Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0 | high |
2022-06-17T20:51:48
(2 years ago) |
|
Affected | >= 4.12.0, < 4.17.3 |
CVE-2023-48222
|
MAVEN:GHSA-PHMW-JX86-X666 | Authenticated Rundeck users can view or delete jobs they do not have authorization for. | high |
2023-11-16T20:48:46
(10 months ago) |
|
Fixed | = 4.17.3 |
CVE-2023-48222
|
MAVEN:GHSA-PHMW-JX86-X666 | Authenticated Rundeck users can view or delete jobs they do not have authorization for. | high |
2023-11-16T20:48:46
(10 months ago) |