cvedb.io
CVE-2021-39133
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2021-08-30T20:15:07.730 · Last modified 2026-06-17T04:03:07.903

Summary

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14.

Affected products

pagerduty — rundeck

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.