EPSS
Percentile
37.0%
rundeck is vulnerable to Cross-Site Request Forgery (CSRF). The attacks are possible because it does not validate CSRF tokens when installing plugins for endpoints.
github.com/rundeck/rundeck/commit/5fcc25c790265e934f2d2384182ab76ba5c5ce70
github.com/rundeck/rundeck/commit/67c4eedeaf9509fc0b255aff15977a5229ef13b9
github.com/rundeck/rundeck/security/advisories/GHSA-3jmw-c69h-426c