Impact
Authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days.
Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions.
Patches
Update to 3.4.5
Workarounds
None
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
To report security issues to Rundeck please use the form at http://rundeck.com/security
Impact
Authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days.
Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions.
Patches
Update to 3.4.5
Workarounds
None
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
To report security issues to Rundeck please use the form at http://rundeck.com/security