PT-2022-11365 · Rundeck · Rundeck

Fdevans · Published 2022-02-28 · Updated 2022-03-10 · CVE-2021-41112

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Rundeck versions prior to 3.4.5

Description

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute, on the intended calendar days. Severity depends on the trust level of authenticated users and on the impact of running or not running scheduled jobs on days governed by calendar definitions.

Recommendations

For versions prior to 3.4.5, update to version 3.4.5 to resolve the issue. As a temporary workaround, consider restricting access to the calendar modification functionality to minimize the risk of exploitation.

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2021-41112
GHSA-F68P-C9WH-J2Q8

Affected Products

Rundeck