Rundeck is vulnerable to insecure direct object reference. Due to lack of checking appropriate authorization level for API requests, a user can send a malicious API request to perform an unauthorized disclosure of execution data, logs and Job details at various threat level depending on the usage and configuration.
docs.rundeck.com/docs/history/3_2_x/version-3.2.6.html
docs.rundeck.com/docs/history/3_2_x/version-3.2.6.html#security
github.com/rundeck/rundeck/compare/a7eaab3cfee9d5b2cf28a89d5e46a9c408e216ea...db31eeea0e7f434249f0b13ceaf75bddbf29e212
github.com/rundeck/rundeck/security/advisories/GHSA-5679-7qrc-5m7j