CVE-2021-41112


Impact: Moderate

Affected Versions: < 3.4.5, < 3.3.*

Patched Versions: 3.4.5+

Impact

Authenticated users could craft a request to modify or delete System or Project level Calendars without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute, on desired calendar days.

Severity depends on the trust level of authenticated users and the impact of running or not running scheduled jobs on days governed by calendar definitions.

Patches

Update to 3.4.5 or later.

Workarounds

None

For more information

If you have any questions or comments about this advisory:

Email us at security@rundeck.com

To report security issues to Rundeck please use the form at http://rundeck.com/security