Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.rundeck:rundeck-core(Maven) | 3.4.0 | 3.4.3 | N/A |
| org.rundeck:rundeck-core(Maven) | 0 | 3.3.14 | N/A |
CVSS Metrics
