1. CVE-Search
  2. CVE-2022-41234
ID CVE-2022-41234
Summary Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:rundeck:1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.10:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.11:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.10:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.11:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.11:*:*:*:*:jenkins:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 01-11-2023 - 20:31
Published 21-09-2022 - 16:15
Last modified 01-11-2023 - 20:31
Back to Top