cnvd - cnvd-2020-27231

CNVD-2020-27231

Vulnerability from cnvd - Published: 2020-05-09

Title

Rundeck信息泄露漏洞

Description

Rundeck是美国Rundeck公司的一款带有Web控制台、命令行工具和WebAPI的开源自动化服务，它主要用于运行自动化任务。 Rundeck 3.2.6之前版本中存在安全漏。攻击者可通过发送请求利用该漏洞获取Execution数据、日志及Job详情。

Severity

中

Patch Name

Rundeck信息泄露漏洞的补丁

Patch Description

Rundeck是美国Rundeck公司的一款带有Web控制台、命令行工具和WebAPI的开源自动化服务，它主要用于运行自动化任务。 Rundeck 3.2.6之前版本中存在安全漏。攻击者可通过发送请求利用该漏洞获取Execution数据、日志及Job详情。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://docs.rundeck.com/docs/history/3_2_x/version-3.2.6.html

Impacted products

Name
Rundeck Rundeck <3.2.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11009"
    }
  },
  "description": "Rundeck\u662f\u7f8e\u56fdRundeck\u516c\u53f8\u7684\u4e00\u6b3e\u5e26\u6709Web\u63a7\u5236\u53f0\u3001\u547d\u4ee4\u884c\u5de5\u5177\u548cWebAPI\u7684\u5f00\u6e90\u81ea\u52a8\u5316\u670d\u52a1\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u8fd0\u884c\u81ea\u52a8\u5316\u4efb\u52a1\u3002\n\nRundeck 3.2.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6Execution\u6570\u636e\u3001\u65e5\u5fd7\u53caJob\u8be6\u60c5\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://docs.rundeck.com/docs/history/3_2_x/version-3.2.6.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-27231",
  "openTime": "2020-05-09",
  "patchDescription": "Rundeck\u662f\u7f8e\u56fdRundeck\u516c\u53f8\u7684\u4e00\u6b3e\u5e26\u6709Web\u63a7\u5236\u53f0\u3001\u547d\u4ee4\u884c\u5de5\u5177\u548cWebAPI\u7684\u5f00\u6e90\u81ea\u52a8\u5316\u670d\u52a1\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u8fd0\u884c\u81ea\u52a8\u5316\u4efb\u52a1\u3002\r\n\r\nRundeck 3.2.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6Execution\u6570\u636e\u3001\u65e5\u5fd7\u53caJob\u8be6\u60c5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rundeck\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Rundeck Rundeck \u003c3.2.6"
  },
  "serverity": "\u4e2d",
  "submitTime": "2020-04-30",
  "title": "Rundeck\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2020-11009 (GCVE-0-2020-11009)

Vulnerability from cvelistv5 – Published: 2020-04-29 16:30 – Updated: 2024-08-04 11:21

Title

IDOR can reveal execution data and logs to unauthorized user in Rundeck

Summary

In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets, sensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher. This vulnerability is patched in version 3.2.6

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

GitHub_M

References

URL

Tags

	https://github.com/rundeck/rundeck/security/advis…	x_refsource_CONFIRM
	https://docs.rundeck.com/docs/history/3_2_x/versi…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	rundeck	rundeck	Affected: < 3.2.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-5679-7qrc-5m7j"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.rundeck.com/docs/history/3_2_x/version-3.2.6.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rundeck",
          "vendor": "rundeck",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets, sensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher. This vulnerability is patched in version 3.2.6"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T16:30:14",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-5679-7qrc-5m7j"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.rundeck.com/docs/history/3_2_x/version-3.2.6.html"
        }
      ],
      "source": {
        "advisory": "GHSA-5679-7qrc-5m7j",
        "discovery": "UNKNOWN"
      },
      "title": "IDOR can reveal execution data and logs to unauthorized user in Rundeck",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11009",
          "STATE": "PUBLIC",
          "TITLE": "IDOR can reveal execution data and logs to unauthorized user in Rundeck"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rundeck",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "rundeck"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets, sensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher. This vulnerability is patched in version 3.2.6"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rundeck/rundeck/security/advisories/GHSA-5679-7qrc-5m7j",
              "refsource": "CONFIRM",
              "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-5679-7qrc-5m7j"
            },
            {
              "name": "https://docs.rundeck.com/docs/history/3_2_x/version-3.2.6.html",
              "refsource": "MISC",
              "url": "https://docs.rundeck.com/docs/history/3_2_x/version-3.2.6.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-5679-7qrc-5m7j",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11009",
    "datePublished": "2020-04-29T16:30:14",
    "dateReserved": "2020-03-30T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-27231

CVE-2020-11009 (GCVE-0-2020-11009)

Tags

Sightings

Nomenclature