RELEASED: Public: 2020-03-09
CloudBees Internal Ticket: [CTR-1037]
Operations Center Server Cluster Operations build requests accepted HTTP GET calls, which made it vulnerable to cross site request forgery (CSRF) attacks.
With this fix, the Operations Center Server Cluster Operations build requests endpoint is now only accepting HTTP POST requests, removing the vulnerability.
This only affects installations that use the Operations Center Cluster Operations Plugin.