GHSA-4c2w-wcw4-8jv9
GitHub Security Advisory
Jenkins Rundeck Plugin CSRF vulnerability
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Jenkins Rundeck Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified username and password.
Additionally, the form validation method does not require POST requests, resulting in a CSRF vulnerability.
Affected Packages
Maven
org.jenkins-ci.plugins:rundeck
Affected versions:
0
(fixed in 3.6.6)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: August 25, 2025 6:33 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.