Affected Versions: < 3.4.5, < 3.3.*
Patched Versions: 3.4.5+
Authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days.
Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions.
Update to 3.4.5 or later.
For more information If you have any questions or comments about this advisory:
Email us at email@example.com To report security issues to Rundeck please use the form at http://rundeck.com/security