RELEASED: Public: 2017-12-06
-
CloudBees Role-Based Access Control plugin
Security advisory
-
CloudBees Internal Ticket: CJP-7737
Users without Role View permission were able to view all roles and the permissions assigned to each role through other objects in the Jenkins REST API. Users are now required to have Role View permission to access this information via the API.