Operations Center Client Plugin 2.235.0.4

1 minute read

RELEASED: Public: 2020-07-15

Security advisory

TBD

Security fixes

  • CloudBees Internal Ticket: [CTR-1983]

  • Fix reflected XSS vulnerability in Join operations center Cluster Page

    The Join operations center Cluster page in connected controllers was not escaping some parameters received by URL. This vulnerability was exploitable by an attacker (no permissions required) sharing a malicious URL with an Administer user.

    With this fix, the parameters causing the vulnerability are escaped.

New features

None.

Resolved issues

None.

Known issues

None.

Upgrade notes

None.