RELEASED: Public: 2020-03-25
Security fixes
-
CloudBees Internal Ticket: [CTR-1036]
-
Fix persistent XSS vulnerability in the List View
The Operations Center Cluster Operations Plugin did not escape the click event on the Cluster Operation checkbox. This lapse resulted in a stored cross-site scripting vulnerability, exploitable by users with Overall/Administer permissions in Operations Center.
The JavaScript code was changed to prevent this vulnerability.