CloudBees Security Advisory2023-05-03
This advisory announces vulnerabilities in
,
and
CloudBees CI
,
and
CloudBees Jenkins Platform

Low-Privilege Users to Run Restores at Will
BEE-29577
Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N]
Affected plugins: [pill:infradna-backup|https://docs.cloudbees.com/plugins/ci/infradna-backup]
Description:
A user with Job/Configure privilege could restore backups when the lack of permissions should prevent it.
Backup Jobs Can Be Broken by Low-Privilege User With Job/Configure
BEE-29576
Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N]
Affected plugins: [pill:infradna-backup|https://docs.cloudbees.com/plugins/ci/infradna-backup]
Description:
A user with Job/Configure privilege could break backup jobs created by other users
Note
Warning
Fix
- CloudBees Traditional Platforms should be upgraded to 2.387.3.3
- CloudBees Cloud Platforms should be upgraded to 2.387.3.3.
- CloudBees Jenkins Platform (fixed train, CJP Operations Center and CJP Client Master (2.346.x.0.z)) should be upgraded to 2.346.40.0.16