CVE-2021-39133
Description
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14.
Risk Information
Base Score: 6.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.147
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-39132, CVE-2021-39133 are fixed in Rundeck-rundeck-core 3.4.3 | Windows |
| Vulnerabilities CVE-2021-39132, CVE-2021-39133 are fixed in Rundeck-rundeck-core 3.3.14 | Windows |
| Vulnerabilities CVE-2021-39132, CVE-2021-39133 are fixed in Rundeck-rundeck-core for Linux 3.4.3 | Linux |
| Vulnerabilities CVE-2021-39132, CVE-2021-39133 are fixed in Rundeck-rundeck-core for Linux 3.3.14 | Linux |
Patch Details
No records found