Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-41111
HistoryFeb 28, 2022 - 8:15 p.m.

CVE-2021-41111

2022-02-2820:15:08
Google
osv.dev
7
rundeck
automation service
web console
webapi
webhooks
vulnerability
authentication
patches

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds.

Related

nvd 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2021-41111
2022-02-28 20:15:08
prion
prion
Authorization
2022-02-28 20:15:00
cvelist
cvelist
CVE-2021-41111 Authorization Bypass Through User-Controlled Key in Rundeck
2022-02-28 19:15:11
cve
cve
CVE-2021-41111
2022-02-28 20:15:08

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON
Related for OSV:CVE-2021-41111
nvd1prion1cvelist1cve1