pkg:maven/org.rundeck/rundeck
Type
maven
Namespace
org.rundeck
Name
rundeck
Known advisories, vulnerabilities and fixes for org.rundeck/rundeck package.
High
2
Moderate
2
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 3.0.13 |
CVE-2019-6804
|
 MAVEN:GHSA-4262-WR7P-GPCJ
|
Rundeck Community Edition vulnerable to Cross-site Scripting | moderate |
2022-05-13T01:06:55
(2 years ago) |
|
| Fixed | = 3.0.13 |
CVE-2019-6804
|
MAVEN:GHSA-4262-WR7P-GPCJ
|
Rundeck Community Edition vulnerable to Cross-site Scripting | moderate |
2022-05-13T01:06:55
(2 years ago) |
|
| Affected | < 3.2.6 |
CVE-2020-11009
|
MAVEN:GHSA-5679-7QRC-5M7J
|
IDOR can reveal execution data and logs to unauthorized user in Rundeck | moderate |
2020-04-29T16:31:12
(4 years ago) |
|
| Fixed | = 3.2.6 |
CVE-2020-11009
|
MAVEN:GHSA-5679-7QRC-5M7J
|
IDOR can reveal execution data and logs to unauthorized user in Rundeck | moderate |
2020-04-29T16:31:12
(4 years ago) |
|
| Affected | >= 4.3.0, < 4.3.1 >= 4.2.0, < 4.2.2 |
CVE-2022-31044
|
MAVEN:GHSA-HPRF-RRWQ-JM5C
|
Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0 | high |
2022-06-17T20:51:48
(2 years ago) |
|
| Fixed | = 4.3.1 = 4.2.2 |
CVE-2022-31044
|
MAVEN:GHSA-HPRF-RRWQ-JM5C
|
Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0 | high |
2022-06-17T20:51:48
(2 years ago) |
|
| Affected | >= 4.12.0, < 4.17.3 |
CVE-2023-48222
|
MAVEN:GHSA-PHMW-JX86-X666
|
Authenticated Rundeck users can view or delete jobs they do not have authorization for. | high |
2023-11-16T20:48:46
(10 months ago) |
|
| Fixed | = 4.17.3 |
CVE-2023-48222
|
MAVEN:GHSA-PHMW-JX86-X666
|
Authenticated Rundeck users can view or delete jobs they do not have authorization for. | high |
2023-11-16T20:48:46
(10 months ago) |