Operations Center Client Plugin 2.190.31.3

1 minute read

RELEASED: Public: 2020-07-15

Security advisory

TBD

Security fixes

  • CloudBees Internal Ticket: [CTR-2018]

  • Fix stored XSS in Configure Global Security due to operations center Connection

    A cross-site scripting (XSS) attack was possible in connected controllers by saving a malicious operations center URL in the global security configuration of connected controllers.

    With this fix, the parameters causing the vulnerability are escaped.

New features

None.

Resolved issues

None.

Known issues

None.

Upgrade notes

None.