CVE-2023-48222

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-48222

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48222.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-48222

Aliases

GHSA-phmw-jx86-x666

Related

GHSA-phmw-jx86-x666

Published

2023-11-16T22:15:28Z

Modified

2025-02-18T20:43:36Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://github.com/rundeck/rundeck/security/advisories/GHSA-phmw-jx86-x666

Affected packages

Git / github.com/rundeck/rundeck

Affected ranges

Type: GIT
Repo: https://github.com/rundeck/rundeck
Events: Introduced

82738640324f653e0d6519dee3820add25daaa36

Fixed

8b6f2b9c7435d656c851eb3b49f4df82e08b5ff3