CVE-2021-39133
Last modified
CVE-2021-39133 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pagerduty | Rundeck | < 3.3.14 |
| Pagerduty | Rundeck | >= 3.4.0, < 3.4.3 |
References
- https://github.com/rundeck/rundeck/commit/67c4eedeaf9509fc0b255aff15977a5229ef13b9Patch, Third Party Advisory
- https://github.com/rundeck/rundeck/security/advisories/GHSA-3jmw-c69h-426cThird Party Advisory
- https://github.com/rundeck/rundeck/commit/67c4eedeaf9509fc0b255aff15977a5229ef13b9Patch, Third Party Advisory
- https://github.com/rundeck/rundeck/security/advisories/GHSA-3jmw-c69h-426cThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-39133?
How severe is CVE-2021-39133?
How do I fix CVE-2021-39133?
Are you affected by CVE-2021-39133?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST