Homepage
About Snyk

org.rundeck:rundeck@3.4.10-rc4-20220114 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.rundeck:rundeck package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Information Exposure

org.rundeck:rundeck is an enable Self-Service Operations package which gives specific users access to your existing tools, services, and scripts.

Affected versions of this package are vulnerable to Information Exposure. The Key Storage converter plugin mechanism was not enabled correctly, resulting in the use of the encryption layer for Key Storage possibly not working. Exploiting this vulnerability leads to any credentials created or overwritten being written in plaintext to the backend storage.

Note: This vulnerability affects those using any Storage Converter plugin.

How to fix Information Exposure?

Upgrade org.rundeck:rundeck to version 4.2.2-20220615, 4.3.1-20220615 or higher.

[,4.2.2-20220615) [4.3.0-20220602,4.3.1-20220615)
Go back to all versions of this package