Skip to main content

CVE-2021-41112

CVE-2021-41112

Impact: Moderate

Affected Versions: < 3.4.5, < 3.3.*

Patched Versions: 3.4.5+

Impact

Authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days.

Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions.

Patches

Update to 3.4.5 or later.

Workarounds

None

For more information
If you have any questions or comments about this advisory:

Email us at security@rundeck.com
To report security issues to Rundeck please use the form at http://rundeck.com/security