CloudBees Role-Based Access Control Plugin 5.35

RELEASED: Public: 2020-07-15

Security advisory

TBD

Security fixes

  • CloudBees Internal Ticket: [CTR-1980]

  • Fix stored XSS vulnerability in CloudBees Role-Based Access Control plugin

    The text in Group descriptions and Role IDs could be used to store malicious code. This malicious code would then be run if users moused over icons to display tooltips that included the Group description or the Role ID.

    With this fix, the text in both Group descriptions and Role IDs is escaped by using the configured markup formatter.
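
The pre-fix and post-fix tooltip rendering patterns described above, as an added example that is not the plugin's own code. `escapeFormatter` is a hypothetical stand-in for a plain-text markup formatter, and the function names, tooltip template and sample record are constructed for illustration.

```javascript
// Added illustration; not code from the CloudBees plugin.
// Hypothetical names: escapeFormatter, renderTooltipUnsafe, renderTooltip, unexpectedTags.

// Stand-in for a plain-text markup formatter: every HTML metacharacter
// becomes an entity, so stored text is displayed as text, never parsed as markup.
function escapeFormatter(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Pre-fix pattern: stored values are concatenated into the tooltip HTML as-is.
function renderTooltipUnsafe(group) {
  return '<div class="tooltip"><b>' + group.roleId + '</b>: ' + group.description + '</div>';
}

// Post-fix pattern: every stored value passes through the configured formatter
// before it reaches the tooltip template.
function renderTooltip(group, formatter = escapeFormatter) {
  return '<div class="tooltip"><b>' + formatter(group.roleId) + '</b>: ' +
    formatter(group.description) + '</div>';
}

// Regression check: list any tag in the rendered output that the template
// itself does not emit. A non-empty result means stored text became markup.
function unexpectedTags(html) {
  const allowed = new Set(['div', 'b']);
  const found = [];
  for (const m of html.matchAll(/<\s*\/?\s*([a-zA-Z][\w-]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) found.push(name);
  }
  return found;
}

// Constructed sample record (not taken from a real instance).
const sampleGroup = {
  roleId: 'dev<script>void 0</script>',
  description: 'Build team <img src=x onerror="void 0">',
};

console.log('pre-fix :', unexpectedTags(renderTooltipUnsafe(sampleGroup)));
console.log('post-fix:', unexpectedTags(renderTooltip(sampleGroup)));
```

A check like `unexpectedTags` can run in a plugin's UI tests against every view that displays a Group description or Role ID, so a template that skips the formatter fails the build.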

New features

None.

Resolved issues

None.

Known issues

None.

Upgrade notes

None.