漏洞标题
authenticated users 可以在 Rundeck 中查看或删除他们没有得到授权的工作。
漏洞描述信息
已认证的用户可以在Rundeck中查看或删除他们无权访问的工作项
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
漏洞类别
授权机制缺失
漏洞标题
Authenticated users can view or delete jobs they do not have authorization for in Rundeck
漏洞描述信息
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
漏洞类别
授权机制缺失
漏洞标题
Rundeck 安全漏洞
漏洞描述信息
Rundeck是美国Rundeck公司的一款带有Web控制台、命令行工具和WebAPI的开源自动化服务,它主要用于运行自动化任务。 Rundeck 4.17.3之前版本存在安全漏洞,该漏洞源于可能允许经过身份验证的用户访问URL路径,这将允许访问查看或删除作业,而无需进行必要的授权检查。
CVSS信息
N/A
漏洞类别
其他