Vulnerabilities > Pagerduty > Rundeck

DATE CVE VULNERABILITY TITLE RISK
2023-11-16 CVE-2023-47112 Missing Authorization vulnerability in Pagerduty Rundeck 4.17.0/4.17.1/4.17.2
Rundeck is an open source automation service with a web console, command line tools and a WebAPI.
network
low complexity
pagerduty CWE-862
4.3
2023-11-16 CVE-2023-48222 Missing Authorization vulnerability in Pagerduty Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI.
network
low complexity
pagerduty CWE-862
5.4
2022-06-15 CVE-2022-31044 Insufficiently Protected Credentials vulnerability in Pagerduty Rundeck 4.2.0/4.2.1
Rundeck is an open source automation service with a web console, command line tools and a WebAPI.
network
low complexity
pagerduty CWE-522
5.0
2022-05-20 CVE-2022-29186 Use of Hard-coded Credentials vulnerability in Pagerduty Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI.
network
low complexity
pagerduty CWE-798
critical
9.8
2022-02-28 CVE-2021-41111 Authorization Bypass Through User-Controlled Key vulnerability in Pagerduty Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI.
network
low complexity
pagerduty CWE-639
5.5
2022-02-28 CVE-2021-41112 Missing Authorization vulnerability in Pagerduty Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI.
network
low complexity
pagerduty CWE-862
5.5
2021-08-30 CVE-2021-39132 Deserialization of Untrusted Data vulnerability in Pagerduty Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI.
network
low complexity
pagerduty CWE-502
6.5
2021-08-30 CVE-2021-39133 Cross-Site Request Forgery (CSRF) vulnerability in Pagerduty Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI.
network
pagerduty CWE-352
6.0
2020-04-29 CVE-2020-11009 Authorization Bypass Through User-Controlled Key vulnerability in Pagerduty Rundeck
In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see.
network
low complexity
pagerduty CWE-639
4.0
2019-01-25 CVE-2019-6804 Cross-site Scripting vulnerability in Pagerduty Rundeck
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
network
pagerduty CWE-79
4.3