Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated users can view or delete jobs they do not have authorization for in Rundeck
Vulnerability Description
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Rundeck 安全漏洞
Vulnerability Description
Rundeck是美国Rundeck公司的一款带有Web控制台、命令行工具和WebAPI的开源自动化服务,它主要用于运行自动化任务。 Rundeck 4.17.3之前版本存在安全漏洞,该漏洞源于可能允许经过身份验证的用户访问URL路径,这将允许访问查看或删除作业,而无需进行必要的授权检查。
CVSS Information
N/A
Vulnerability Type
N/A