CloudBees Security Advisory 2016-07-05
CloudBees Jenkins Platform Security Advisory 2016-07-05
This advisory announces a vulnerability in the CloudBees Template Plugin.
Failure to enforce template read permission
CJP-4615
The CloudBees Template Plugin did not prevent users without access to a specific template from creating jobs that reference that template via the API. Secrets added to job configurations by the template transformation could therefore be exposed to users who have access neither to the template nor to other jobs based on that template.
Severity
CJP-4615 is considered low.
Fix
Users of CloudBees Jenkins Platform 1.642.x.y should update it to version 1.642.18.3, or update the CloudBees Template Plugin to version 4.24.
Users of CloudBees Jenkins Platform 1.625.x.y should update it to version 1.625.18.3, or update the CloudBees Template Plugin to version 4.24.
Users of CloudBees Jenkins Platform 1.609.x.y should update it to version 1.609.18.3, or update the CloudBees Template Plugin to version 4.22.1.
DEV@cloud is already protected.
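
The fix guidance above can be applied to an inventory of instances with a short triage script. This is an added example, not CloudBees code: the fixed versions are the ones listed in this advisory, the instance names and installed versions are constructed, and it assumes that releases later than a listed fix keep the fix.

```python
# Added example: fixed versions are from the advisory; the inventory is constructed.
FIXES = {  # release line -> (fixed platform version, fixed Template Plugin version)
    "1.642": ("1.642.18.3", "4.24"),
    "1.625": ("1.625.18.3", "4.24"),
    "1.609": ("1.609.18.3", "4.22.1"),
}

def parse(version):
    """Dotted numeric version -> tuple of ints (raises ValueError otherwise)."""
    return tuple(int(part) for part in version.split("."))

def triage(platform, template_plugin):
    """Classify one instance as fixed, vulnerable, review or not-covered."""
    line = ".".join(platform.split(".")[:2])
    if line not in FIXES:
        return "not-covered"      # release line not named in the advisory
    fixed_platform, fixed_plugin = FIXES[line]
    try:
        platform_v, plugin_v = parse(platform), parse(template_plugin)
    except ValueError:
        return "review"           # e.g. a -SNAPSHOT or custom build string
    # Assumption: releases later than a listed fix keep the fix.
    if platform_v >= parse(fixed_platform) or plugin_v >= parse("4.24"):
        return "fixed"
    if plugin_v == parse(fixed_plugin):
        return "fixed"            # the 4.22.1 release named for 1.609.x.y
    if plugin_v > parse(fixed_plugin):
        return "review"           # e.g. 4.23 on 1.609.x.y: the advisory does not say
    return "vulnerable"

# Constructed inventory: (instance name, platform version, Template Plugin version)
INVENTORY = [
    ("ci-a", "1.642.4.1", "4.21"),
    ("ci-b", "1.642.18.3", "4.21"),
    ("ci-c", "1.609.14.1", "4.22.1"),
    ("ci-d", "1.609.14.1", "4.23"),
    ("ci-e", "1.625.3.1", "4.24"),
    ("ci-f", "1.651.2.1", "4.24"),
]

def triage_inventory(inventory=INVENTORY):
    """Return {instance name: status} for every inventory entry."""
    return {name: triage(platform, plugin) for name, platform, plugin in inventory}

if __name__ == "__main__":
    for name, status in triage_inventory().items():
        print(f"{name}: {status}")
```

An instance reported as review or not-covered needs a manual check against the vendor's release notes, since this advisory does not state its status.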