RELEASED: Public: 2019-08-02
Security advisory * CloudBees Internal Ticket: CTR-427
+ Problem: Any "StringCredentials"/"Secret Text" value within the Jenkins instance can be compromised by a malicious attacker using checkAccountCredentials endpoint.
+ Fix: CSRF protection enabled by POST requirement. CONFIGURATION permissions on the backup item has been introduced.