CloudBees Role-Based Access Control Plugin 5.35

1 minute read

RELEASED: Public: 2020-07-15

Security advisory


Security fixes

  • CloudBees Internal Ticket: [CTR-1980]

  • Fix stored XSS vulnerability in CloudBees Role-Based Access Control plugin

    The text in Group descriptions and Role IDs could be used to store malicious code. This malicious code would then be run if users moused over icons to display tooltips that included the Group description or the Role ID.

    With this fix, the text in both Group descriptions and Role IDs is escaped by using the configured markup formatter.

New features


Resolved issues


Known issues


Upgrade notes