# Security Advisories

There are currently no urgent security issues the team is working on.

For information about Log4j / Log4Shell please see this page.

# Past Rundeck CVEs

These are the Security Advisories Rundeck has issued in the past. It is always recommended to upgrade to the current version of Rundeck (3.4.10) for the latest security updates.

  • CVE-2021-41112
    Authenticated users can modify Calendars without appropriate authorization.
  • CVE-2021-41111
    Webhook data and tokens can be revealed to an unauthorized user.
  • CVE-2021-39133
    Cross-Site Request Forgery (CSRF) can run untrusted code on the Rundeck server.
  • CVE-2021-39132
    YAML deserialization can run untrusted code.
  • CVE-2020-11009
    IDOR can reveal execution data and logs to an unauthorized user.