Wiz
Vulnerability DatabaseCVE-2021-41112

CVE-2021-41112
Rundeck vulnerability analysis and mitigation

Overview

Rundeck, an open source automation service with a web console, command line tools and a WebAPI, was found to contain a security vulnerability in versions prior to 3.4.5. The vulnerability (CVE-2021-41112) allows authenticated users to modify or delete System or Project level Calendars without appropriate authorization (GitHub Advisory).

Technical details

The vulnerability is classified as an improper authorization issue (CWE-862) where authenticated users could craft requests to modify or delete calendar configurations without having the appropriate permissions. This represents a security control bypass that could affect scheduled job executions (GitHub Advisory).

Impact

The impact of this vulnerability depends on the trust level of authenticated users and the criticality of scheduled jobs. Unauthorized modification or removal of calendars could cause scheduled jobs to execute at unintended times or fail to execute on desired calendar days, potentially disrupting automated workflows and system operations (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in Rundeck version 3.4.5. Users are advised to upgrade to this version or later to address the security issue. No workarounds are available for this vulnerability (GitHub Advisory).

Additional resources

SourceThis report was generated using AI

Related Rundeck vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2022-29186CRITICAL9.8
  • RundeckRundeck
  • cpe:2.3:a:pagerduty:rundeck
NoYesMay 20, 2022
CVE-2021-41112HIGH8.1
  • RundeckRundeck
  • cpe:2.3:a:pagerduty:rundeck
NoYesFeb 28, 2022
CVE-2022-31044HIGH7.5
  • JavaJava
  • cpe:2.3:a:pagerduty:rundeck
NoYesJun 15, 2022
CVE-2023-48222MEDIUM5.4
  • JavaJava
  • org.rundeck:rundeck
NoYesNov 16, 2023
CVE-2023-47112MEDIUM4.3
  • JavaJava
  • cpe:2.3:a:pagerduty:rundeck
NoYesNov 16, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo