RELEASED: Public: 2020-07-15
Security fixes
CloudBees Internal Ticket: [CTR-1983]
Fix reflected XSS vulnerability in Join operations center Cluster Page
The Join operations center Cluster page in connected controllers did not escape some parameters received in the URL. An attacker with no permissions could exploit this vulnerability by sharing a malicious URL with an Administer user.
With this fix, the parameters causing the vulnerability are escaped.
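The class of fix described above, as an added example that is not CloudBees code: a page fragment that reflects URL parameters, rendered without and with output escaping, followed by a regression check. The class name, the parameter names `clusterName` and `returnTo`, the markup and the sample values are all hypothetical; the release note does not name the affected parameters.

```java
import java.util.LinkedHashMap;
import java.util.Map;
public class ReflectedParamEscaping {
    // Encode the characters that can end a text node or a quoted attribute value.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before the fix: URL parameters are concatenated into the markup verbatim.
    static String renderUnescaped(Map<String, String> q) {
        return "<h1>Join " + q.get("clusterName") + "</h1>"
             + "<input type=\"hidden\" name=\"returnTo\" value=\"" + q.get("returnTo") + "\">";
    }

    // After the fix: every reflected parameter is escaped at the point of output.
    static String renderEscaped(Map<String, String> q) {
        return "<h1>Join " + escapeHtml(q.get("clusterName")) + "</h1>"
             + "<input type=\"hidden\" name=\"returnTo\" value=\""
             + escapeHtml(q.get("returnTo")) + "\">";
    }

    public static void main(String[] args) {
        // Constructed query parameters carrying markup characters (hypothetical names).
        Map<String, String> q = new LinkedHashMap<>();
        q.put("clusterName", "<i>probe</i>");
        q.put("returnTo", "\"><i>probe</i>");
        String before = renderUnescaped(q);
        String after = renderEscaped(q);
        System.out.println("before: " + before + "\nafter:  " + after);
        // Regression check: raw markup from a parameter must not survive rendering.
        for (Map.Entry<String, String> e : q.entrySet()) {
            if (!before.contains(e.getValue()) || after.contains(e.getValue())) {
                throw new AssertionError("unexpected rendering for " + e.getKey());
            }
        }
    }
}
```

The same check can be kept as a unit test for any view that echoes request parameters, so a later template change that drops the escaping fails the build.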