CVE-2024-38820

Description

CVE-2024-38820 is a vulnerability in Spring Framework's DataBinder that could potentially allow attackers to bypass property access restrictions through manipulation of allowed fields.

Low - After thorough code analysis across rundeck, rundeckpro, and rundeck-plugins repositories, no direct or indirect usage of DataBinder, disallowedFields, or setDisallowedFields was identified. The only matches found were in binary files, which does not indicate active use of the vulnerable functionality.

Affected Versions

Since the vulnerable component is not used in Rundeck codebases, no versions are directly affected by this vulnerability.

References

National Vulnerability Database - CVE-2024-38820
Spring Framework Security Advisory

CVE-2024-38820

CVE-2024-38820

Description

Severity

Affected Versions

References