GHSA-3jmw-c69h-426c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3jmw-c69h-426c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-3jmw-c69h-426c/GHSA-3jmw-c69h-426c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3jmw-c69h-426c
- Aliases
- Published
- 2021-09-01T18:26:48Z
- Modified
- 2023-11-08T04:06:30.104737Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
- Details
-
Impact
A user with
adminaccess to thesystemresource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions.Patches
Available in Rundeck 3.4.3 and 3.3.14
Workarounds
Please visit https://rundeck.com/security for information about specific workarounds.
For more information
If you have any questions or comments about this advisory: * Email us at security@rundeck.com
To report security issues to Rundeck please use the form at https://rundeck.com/security
- Database specific
{ "nvd_published_at": "2021-08-30T20:15:00Z", "github_reviewed_at": "2021-08-30T22:03:39Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-352" ] }- References
Affected packages
Maven / org.rundeck:rundeck-core
Package
- Name
- org.rundeck:rundeck-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.rundeck/rundeck-core
Maven / org.rundeck:rundeck-core
Package
- Name
- org.rundeck:rundeck-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.rundeck/rundeck-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.3.14
Affected versions
1.*
1.4.4
1.4.5
1.5
1.5.1
1.5.2
1.5.3
1.6.0
1.6.1
1.6.2
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.1.0
2.1.1
2.1.2
2.1.3
2.2.0
2.2.1
2.2.2
2.2.3
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0
2.5.1
2.5.2
2.5.3
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.6.10
2.6.11
2.7.0
2.7.1
2.7.2
2.7.3
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.10.8
2.11.0-RC1
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.11.5
2.11.6
2.11.7
2.11.8
2.11.9
2.11.10
2.11.11
2.11.12
2.11.13
2.11.14
3.*
3.0.0-alpha1
3.0.0-20180727
3.0.1-20180803
3.0.2-20180803
3.0.2-20180817
3.0.5-20180828
3.0.6-20180917
3.0.7-20181008
3.0.8-20181029
3.0.9-20181127
3.0.10-20181220
3.0.11-20181221
3.0.12-20190114
3.0.13-20190123
3.0.14-20190221
3.0.15-20190222
3.0.16-20190223
3.0.17-20190311
3.0.18-20190322
3.0.19-20190327
3.0.20-20190408
3.0.21-20190424
3.0.22-20190512
3.0.23-20190619
3.0.24-20190719
3.0.25-20190814
3.0.26-20190829
3.0.27-20191204
3.1.0-rc2-20190719
3.1.0-20190731
3.1.1-20190923
3.1.2-20190927
3.1.3-20191204
3.2.0-20191218
3.2.1-20200113
3.2.2-20200204
3.2.3-20200221
3.2.4-20200318
3.2.5-20200403
3.2.6-20200427
3.2.7-rc1-20200511
3.2.7-20200515
3.2.9-20200708
3.3.0-rc1-20200623
3.3.0-preview1-20200608
3.3.0-preview2-20200610
3.3.0-20200701
3.3.1-20200727
3.3.2-rc1-20200811
3.3.2-rc2-20200814
3.3.2-20200727
3.3.2-20200817
3.3.3-rc1-20200902
3.3.3-rc2-20200904
3.3.3-20200910
3.3.4-rc1-20200921
3.3.4-rc2-20200923
3.3.4-rc3-20200925
3.3.4-rc4-20200929
3.3.4-20201007
3.3.5-rc1-20201009
3.3.5-rc2-20201014
3.3.5-20201019
3.3.6-alpha1-20201022
3.3.6-rc1-20201102
3.3.6-rc2-20201105
3.3.6-rc3-20201105
3.3.6-rc4-20201109
3.3.6-20201111
3.3.7-rc1-20201201
3.3.7-rc2-20201203
3.3.7-20201208
3.3.8-rc3-20201231
3.3.8-rc4-20201231
3.3.8-rc5-20210104
3.3.8-rc6-20210105
3.3.8-rc7-20210107
3.3.8-20210111
3.3.9-rc2-20210122
3.3.9-rc3-20210127
3.3.9-rc4-20210201
3.3.9-20210122
3.3.9-20210201
3.3.10-rc1-20210216
3.3.10-rc2-20210219
3.3.10-20210301
3.3.11-rc1-20210329
3.3.11-rc2-20210406
3.3.11-rc3-20210424
3.3.11-rc4-20210504
3.3.11-20210507
3.3.12-rc1-20210513
3.3.12-rc2-20210514
3.3.12-20210521
3.3.13-rc1-20210601
3.3.13-rc2-20210610
3.3.13-20210614
3.3.14-rc1-20210825