Lucene search
China National Vulnerability DatabaseCNVD-2021-70091HistorySep 01, 2021 - 12:00 a.m.
Rundeck code issue vulnerability
2021-09-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
rundeck
code issue
vulnerability
enterprise edition
post request
untrusted code
authentication
automation service
EPSS
0.001
Percentile
43.7%
Rundeck is an open source automation service with a Web console, command line tools, and WebAPI from Rundeck USA, which is primarily used to run automation tasks.A code issue vulnerability exists in Rundeck Enterprise Edition, which stems from the fact that an authenticated user can issue a POST request, which could lead to server to run untrusted code on Rundeck Enterprise Edition. No details of the vulnerability are currently available.
Related
osv
osv
CVE-2021-39132
2021-08-30 20:15:07
YAML deserialization can run untrusted code
2021-09-01 18:27:01
cvelist
cvelist
CVE-2021-39132 YAML deserialization can run untrusted code
2021-08-30 19:35:10
nvd
nvd
CVE-2021-39132
2021-08-30 20:15:07
cve
cve
CVE-2021-39132
2021-08-30 20:15:07
veracode
veracode
Untrusted Code Deserialization
2021-09-02 10:26:31
prion
prion
Authentication flaw
2021-08-30 20:15:00
github
github
YAML deserialization can run untrusted code
2021-09-01 18:27:01