RELEASED: Public: 2020-11-04
Security fixes
- Lack of access control on some read-only endpoints on CloudBees Cloud Foundry CLI Plugin (CTR-1879)
-
The CloudBees Cloud Foundry CLI Plugin does not perform permission checks on the method that lists credentials in the form population, making the method accessible to attackers with Overall/Read access.
Now the CloudBees Cloud Foundry CLI Plugin requires, at a minimum, the permission to configure the job.