Operations Center Server Cluster Operations 2.150.2.7

1 minute read

Security fixes

  • CloudBees Internal Ticket: [CTR-1036]

  • Fix persistent XSS vulnerability in the List View

    The Operations Center Cluster Operations Plugin did not escape the click event on the Cluster Operation checkbox. This lapse resulted in a stored cross-site scripting vulnerability, exploitable by users with Overall/Administer permissions in Operations Center.

    The JavaScript code was changed to prevent this vulnerability.

New features

None.

Resolved issues

None.

Known issues

None.

Upgrade notes

None.