CVE-2021-41112
CVE-2021-41112
Impact: Moderate
Affected Versions: < 3.4.5, < 3.3.*
Patched Versions: 3.4.5+
Impact
Authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days.
Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions.
Patches
Update to 3.4.5 or later.
Workarounds
None
For more information If you have any questions or comments about this advisory:
Email us at security@rundeck.com To report security issues to Rundeck please use the form at http://rundeck.com/security