CVE-2023-47112 - Vulnerability Details

Vendors	Products
Pagerduty	Rundeck

Source	ID	Title
EUVD	EUVD-2023-3065	Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and groups for any project, without the necessary authorization checks. The output of these endpoints only exposes the name of job groups and the jobs contained within the specified project. The output is read-only and the access does not allow changes to the information. This vulnerability has been patched in version 4.17.3. Users are advised to upgrade. Users unable to upgrade may block access to the two URLs used in either Rundeck Open Source or Process Automation products at a load balancer level.
Github GHSA	GHSA-xvmv-4rx6-x6jx	Authenticated users can view job names and groups they do not have authorization to view

Link	Providers
https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47112", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-30T19:57:51.673Z", "datePublished": "2023-11-16T22:01:07.727Z", "dateUpdated": "2024-08-29T14:48:58.458Z"}, "containers": {"cna": {"title": "Authenticated users can view job names and groups they do not have authorization to view in Rundeck", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx"}], "affected": [{"vendor": "rundeck", "product": "rundeck", "versions": [{"version": ">= 4.17.0, < 4.17.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-16T22:01:07.727Z"}, "descriptions": [{"lang": "en", "value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and groups for any project, without the necessary authorization checks. The output of these endpoints only exposes the name of job groups and the jobs contained within the specified project. The output is read-only and the access does not allow changes to the information. This vulnerability has been patched in version 4.17.3. Users are advised to upgrade. Users unable to upgrade may block access to the two URLs used in either Rundeck Open Source or Process Automation products at a load balancer level."}], "source": {"advisory": "GHSA-xvmv-4rx6-x6jx", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.807Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-29T14:44:07.892028Z", "id": "CVE-2023-47112", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:48:58.458Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47112", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-30T19:57:51.673Z", "datePublished": "2023-11-16T22:01:07.727Z", "dateUpdated": "2024-08-29T14:48:58.458Z"}, "containers": {"cna": {"title": "Authenticated users can view job names and groups they do not have authorization to view in Rundeck", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx"}], "affected": [{"vendor": "rundeck", "product": "rundeck", "versions": [{"version": ">= 4.17.0, < 4.17.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-16T22:01:07.727Z"}, "descriptions": [{"lang": "en", "value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and groups for any project, without the necessary authorization checks. The output of these endpoints only exposes the name of job groups and the jobs contained within the specified project. The output is read-only and the access does not allow changes to the information. This vulnerability has been patched in version 4.17.3. Users are advised to upgrade. Users unable to upgrade may block access to the two URLs used in either Rundeck Open Source or Process Automation products at a load balancer level."}], "source": {"advisory": "GHSA-xvmv-4rx6-x6jx", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.807Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-29T14:44:07.892028Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:48:50.791Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pagerduty:rundeck:*:*:*:*:*:*:*:*", "matchCriteriaId": "716626F7-3AD7-434A-AF44-5B937712AB85", "versionEndExcluding": "4.17.3", "versionStartIncluding": "4.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and groups for any project, without the necessary authorization checks. The output of these endpoints only exposes the name of job groups and the jobs contained within the specified project. The output is read-only and the access does not allow changes to the information. This vulnerability has been patched in version 4.17.3. Users are advised to upgrade. Users unable to upgrade may block access to the two URLs used in either Rundeck Open Source or Process Automation products at a load balancer level."}, {"lang": "es", "value": "Rundeck es un servicio de automatizaci\u00f3n de c\u00f3digo abierto con una consola web, herramientas de l\u00ednea de comandos y una WebAPI. En las versiones afectadas, el acceso a dos URL utilizadas en los productos Rundeck Open Source y Process Automation podr\u00eda permitir a los usuarios autenticados acceder a la ruta URL, que proporciona una lista de nombres de trabajos y grupos para cualquier proyecto, sin las comprobaciones de autorizaci\u00f3n necesarias. La salida de estos endpoints solo expone el nombre de los grupos de trabajos y los trabajos contenidos dentro del proyecto especificado. La salida es de s\u00f3lo lectura y el acceso no permite cambios en la informaci\u00f3n. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 4.17.3. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden bloquear el acceso a las dos URL utilizadas en los productos Rundeck Open Source o Process Automation a nivel de balanceador de carga."}], "id": "CVE-2023-47112", "lastModified": "2024-11-21T08:29:48.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-16T22:15:28.157", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-xvmv-4rx6-x6jx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object