RELEASED: Public: 2020-11-04
Security fixes
- Lack of access control on some read-only endpoints on Cloud Foundry Bosh CLI Plugin (CTR-1878)
-
The Cloud Foundry Bosh CLI Plugin does not perform permission checks on the method that lists credentials in form population, making the method accessible to attackers with Overall/Read access.
Now the Cloud Foundry Bosh CLI Plugin requires, at a minimum, the permission to configure the job on the method that lists credentials in form population.