CVE-2021-41112

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41112

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41112.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41112

Related

GHSA-f68p-c9wh-j2q8

Published

2022-02-28T20:15:08.247Z

Modified

2026-04-10T04:38:12.868758Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds.

References

https://github.com/rundeck/rundeck/security/advisories/GHSA-f68p-c9wh-j2q8

Affected packages

Git / github.com/rundeck/rundeck

Affected ranges

Type

GIT

Repo

https://github.com/rundeck/rundeck

Events

Introduced

Fixed

0b2044ed863e2d5deda31db8f2f3bce48a347770

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.5"
        }
    ]
}

Affected versions

Other

grails338-oci-baseline

v1.*

v1.1

v1.1-docs1

v1.3

v1.4

v1.4.0

v1.4.0.1

v1.4.1

v1.4.3

v1.4.4

v1.5

v1.5-01

v1.5-02

v1.5-03

v1.5-1

v1.5-rc1

v1.5-rc2

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v1.6.0-rc1

v1.6.0-rc2

v1.6.0-rc3

v2.*

v2.0.1

v2.0.2

v2.0.3

v2.1.0

v2.1.1

v2.1.2

v2.10.0

v2.10.1

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.10.7

v2.10.8

v2.11.0

v2.11.1

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.5.0

v2.5.1

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v3.*

v3.0.0

v3.0.0-alpha1

v3.0.0-alpha1-2

v3.0.0-alpha2

v3.0.0-alpha4

v3.0.0-beta1

v3.0.11

v3.0.13

v3.0.14

v3.0.15

v3.0.16

v3.0.17

v3.0.18

v3.0.19

v3.0.20

v3.0.21

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.1.0

v3.1.1

v3.1.2

v3.2.1

v3.2.2

v3.2.5

v3.2.6

v3.3.0

v3.3.0-preview1

v3.3.0-preview2

v3.3.1

v3.3.5

v3.3.6

v3.3.6-rc2

v3.3.6-rc3

v3.3.6-rc4

v3.3.7

v3.3.7-rc1

v3.3.7-rc2

v3.3.8

v3.3.8-rc1

v3.3.8-rc5

v3.3.8-rc6

v3.3.8-rc7

v3.4.5-rc2

v3.4.5-rc3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41112.json"