Vulnerabilities > Pagerduty > Rundeck > 2.6.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-29186 | Use of Hard-coded Credentials vulnerability in Pagerduty Rundeck Rundeck is an open source automation service with a web console, command line tools and a WebAPI. | 9.8 |
| 2021-08-30 | CVE-2021-39132 | Deserialization of Untrusted Data vulnerability in Pagerduty Rundeck Rundeck is an open source automation service with a web console, command line tools and a WebAPI. | 6.5 |
| 2021-08-30 | CVE-2021-39133 | Cross-Site Request Forgery (CSRF) vulnerability in Pagerduty Rundeck Rundeck is an open source automation service with a web console, command line tools and a WebAPI. | 6.0 |
| 2020-04-29 | CVE-2020-11009 | Authorization Bypass Through User-Controlled Key vulnerability in Pagerduty Rundeck In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. | 4.0 |
| 2019-01-25 | CVE-2019-6804 | Cross-site Scripting vulnerability in Pagerduty Rundeck An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. | 4.3 |