CVE-2021-39133

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-39133

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39133.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-39133

Aliases

GHSA-3jmw-c69h-426c

Related

GHSA-3jmw-c69h-426c

Published

2021-08-30T20:15:07.730Z

Modified

2026-02-13T00:37:28.591136Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14.

References

Affected packages

Git / github.com/rundeck/rundeck

Affected ranges

Type: GIT
Repo: https://github.com/rundeck/rundeck
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

67c4eedeaf9509fc0b255aff15977a5229ef13b9

Introduced

50272b9ab5a36de1b5b691931bc5bf136923966d

Fixed

b63668156cbdc71ef6b8ae9caece481c77ef80ac

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39133.json"