CloudBees Assurance Plugin 2.276.0.3

RELEASED: Public: {2021-06-RELEASE-DATE}

Security advisory

{YYYY-MM-SECURITY-ADVISORY}[CloudBees Security Advisory {YYYY-MM-RELEASE-DATE}]

CloudBees Assurance Plugin 2.276.0.3 requires POST requests for the reconfigure HTTP endpoint.

Security fixes

CloudBees Assurance Plugin 2.276.0.2 and earlier does not require POST requests for the form submission endpoint reconfiguring the update center, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to configure the default update center removing the one already applied.

Fix Description: CloudBees Assurance Plugin 2.276.0.3 requires POST requests for the reconfigure HTTP endpoint.