CloudBees Security Advisory 2016-07-05

CloudBees Jenkins Platform Security Advisory 2016-07-05

This advisory announces a vulnerability in the CloudBees Template Plugin.

Failure to enforce template read permission

CJP-4615

The CloudBees Template Plugin did not prevent users without access to a specific template from creating jobs referencing that template via the API, resulting in potential exposure of secrets added to job configurations by the template transformation to users who neither have access to the template nor to other jobs based on that template.

Severity

  • CJP-4615 is considered low

Fix

  • Users of CloudBees Jenkins Platform 1.642.x.y should update it to version 1.642.18.3, or update the CloudBees Template Plugin to version 4.24.

  • Users of CloudBees Jenkins Platform 1.625.x.y should update it to version 1.625.18.3, or update the CloudBees Template Plugin to version 4.24.

  • Users of CloudBees Jenkins Platform 1.609.x.y should update it to version 1.609.18.3, or update the CloudBees Template Plugin to version 4.22.1.

  • DEV@cloud is already protected

More Security Advisories
From code to customer. Continuously advancing your business.
Product Capabilities
Resources
Why CloudBees
Policy Links
Developers
© 2023 CloudBees, Inc., CloudBees® and the Infinity logo® are registered trademarks of CloudBees, Inc. in the United States and may be registered in other countries. Other products or brand names may be trademarks or registered trademarks of CloudBees, Inc. or their respective holders. Jenkins® is a registered trademark of LF Charities Inc.