Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Authorization in Rundeck
Vulnerability Description
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
Rundeck 安全漏洞
Vulnerability Description
Rundeck是美国Rundeck公司的一款带有Web控制台、命令行工具和WebAPI的开源自动化服务,它主要用于运行自动化任务。 Rundeck 3.4.5 之前的版本中存在安全漏洞,经过身份验证的用户可以在没有适当授权的情况下提出修改或删除系统或项目级别日历的请求。修改或删除日历可能会导致计划作业在所需的日历日执行或不执行。严重性取决于经过身份验证的用户的信任级别以及在日历定义管理的日期内运行或不运行计划作业的影响。
CVSS Information
N/A
Vulnerability Type
N/A