RELEASED: Public: 2020-07-15
Security fixes
-
CloudBees Internal Ticket: [CTR-2018]
-
Fix stored XSS in Configure Global Security due to operations center Connection
A cross-site scripting (XSS) attack was possible in connected controllers by saving a malicious operations center URL in the global security configuration of connected controllers.
With this fix, the parameters causing the vulnerability are escaped.