GHSA-4262-wr7p-gpcj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4262-wr7p-gpcj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4262-wr7p-gpcj/GHSA-4262-wr7p-gpcj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4262-wr7p-gpcj
- Aliases
- Published
- 2022-05-13T01:06:55Z
- Modified
- 2024-02-20T05:22:36.634042Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Rundeck Community Edition vulnerable to Cross-site Scripting
- Details
-
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
- Database specific
{ "nvd_published_at": "2019-01-25T05:29:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-11-22T18:46:01Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-6804
- https://github.com/rundeck/rundeck/issues/4406
- https://github.com/rundeck/rundeck/commit/e992e94bba22d9fca3a669f0d02c85b80a19f848
- https://docs.rundeck.com/docs/history/version-3.0.13.html
- https://github.com/rundeck/rundeck
- https://www.exploit-db.com/exploits/46251
Affected packages
Maven / org.rundeck:rundeck
Package
- Name
- org.rundeck:rundeck
- View open source insights on deps.dev
- Purl
- pkg:maven/org.rundeck/rundeck