CVE-2022-41234

Missing Authorization in maven/org.jenkins-ci.plugins/rundeck

Identifiers

CVE-2022-41234

Package Slug

maven/org.jenkins-ci.plugins/rundeck

Vulnerability

Missing Authorization

Description

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.

Affected Versions

All versions up to 3.6.11

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-09-23

source