Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/
endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.
{ "nvd_published_at": "2022-09-21T16:15:00Z", "github_reviewed_at": "2022-09-23T13:38:06Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-862" ] }