Advisories for Maven/Org.rundeck/Rundeckapp package

2023

Authenticated users can view job names and groups they do not have authorization to view

Rundeck is an open source automation service with a web console, command-line tools and a WebAPI. In affected versions, access to two URLs used in both the Rundeck Open Source and Process Automation products could allow authenticated users to reach a URL path that provides a list of job names and groups for any project, without the necessary authorization checks. The output of these endpoints only exposes the name of …