CloudBees WikiText Security Plugin 3.12

1 minute read

RELEASED: Public: 2020-04-27

Security advisory


Security fixes

  • CloudBees Internal Ticket: FNDJEN-2010

    Wikitext Plugin 3.9 and earlier does not escape the formatted text using Media Wiki, Textile and TWiki syntax formatters. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.

This version escapes the formatted text before printing it out.