Vulnerability	Vulnerable Version
H Information Exposure org.rundeck:rundeck is an enable Self-Service Operations package which gives specific users access to your existing tools, services, and scripts. Affected versions of this package are vulnerable to Information Exposure. The `Key Storage converter` plugin mechanism was not enabled correctly, resulting in the use of the encryption layer for Key Storage possibly not working. Exploiting this vulnerability leads to any credentials created or overwritten being written in plaintext to the backend storage. Note: This vulnerability affects those using any `Storage Converter` plugin. How to fix Information Exposure? Upgrade `org.rundeck:rundeck` to version 4.2.2-20220615, 4.3.1-20220615 or higher.	[,4.2.2-20220615)[4.3.0-20220602,4.3.1-20220615)

Information Exposure

org.rundeck:rundeck is an enable Self-Service Operations package which gives specific users access to your existing tools, services, and scripts.

Affected versions of this package are vulnerable to Information Exposure. The Key Storage converter plugin mechanism was not enabled correctly, resulting in the use of the encryption layer for Key Storage possibly not working. Exploiting this vulnerability leads to any credentials created or overwritten being written in plaintext to the backend storage.

Note: This vulnerability affects those using any Storage Converter plugin.

How to fix Information Exposure?

Upgrade org.rundeck:rundeck to version 4.2.2-20220615, 4.3.1-20220615 or higher.

[,4.2.2-20220615)[4.3.0-20220602,4.3.1-20220615)

Go back to all versions of this package