Vulnerability identifier: #VU67579
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because the affected plugin does not protect access to the /plugin/rundeck/webhook/ endpoint. A remote user can trigger jobs that are configured to be triggerable via Rundeck.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
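One way to check whether the /plugin/rundeck/webhook/ endpoint is being reached from unexpected sources, as an added example that is not part of the original advisory. It assumes requests to the affected host are recorded in combined log format (for example by a reverse proxy); the `SAMPLE_LOG` lines, the addresses and the `trusted_sources` allowlist are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Endpoint named in the advisory (trailing slash handled below).
WEBHOOK_PATH = "/plugin/rundeck/webhook"

# Combined log format: client ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def hits_webhook(target):
    """True if the request path reaches the webhook endpoint, with or without a context-path prefix."""
    path = unquote(target.split("?", 1)[0]).lower()  # drop query, decode %xx
    path = re.sub(r"/+", "/", path)                  # collapse duplicate slashes
    idx = path.find(WEBHOOK_PATH)
    if idx < 0:
        return False
    rest = path[idx + len(WEBHOOK_PATH):]
    return rest == "" or rest.startswith("/")        # exclude e.g. /webhooks-doc

def review(lines, trusted_sources):
    """Return (client, time, method, status) for webhook requests from outside trusted_sources."""
    nets = [ipaddress.ip_network(n) for n in trusted_sources]
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_webhook(m["target"]):
            continue
        try:
            addr = ipaddress.ip_address(m["client"])
            trusted = any(addr in n for n in nets)
        except ValueError:
            trusted = False  # hostname in the client field: treat as untrusted
        if not trusted:
            findings.append((m["client"], m["time"], m["method"], int(m["status"])))
    return findings

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2022:13:55:36 +0000] "POST /plugin/rundeck/webhook/ HTTP/1.1" 200 12',
    '203.0.113.7 - - [10/Oct/2022:14:02:11 +0000] "POST /ci/plugin/rundeck/%77ebhook/ HTTP/1.1" 200 12',
    '203.0.113.7 - - [10/Oct/2022:14:02:15 +0000] "GET /plugin/rundeck/webhooks-doc HTTP/1.1" 404 0',
    '198.51.100.4 - alice [10/Oct/2022:14:05:00 +0000] "GET /job/build/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    # Assumption: 192.0.2.10 is the only host expected to call the webhook.
    for finding in review(SAMPLE_LOG, ["192.0.2.10/32"]):
        print(finding)
```
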
Vulnerable software versions
Rundeck: 1.0 - 3.6.11
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.