CloudBees CI Security Advisory 2025-10-15

This advisory announces vulnerabilities in CloudBees CI.

List/Move/Copy/Promote remote permission checks do not work for "trusted controller" security enforcement setting

BEE-56890
Severity (CVSS): Medium
Description:

Operations Center Context Plugin 3.27808 and earlier does not apply the Authentication Mapping when listing jobs or executing Move/Copy/Promote job operations in other controllers.

This allows users on untrusted controllers to list jobs or execute Move/Copy/Promote job operations in other controllers.

Operations Center Context Plugin 3.27828 properly applies the Authentication Mapping for these operations.

The insecure operations that previous versions allowed are blocked starting with this version. If this behaviour is desired, you need to change the controller Authentication Mapping to Trusted for the affected controllers.

Severity

Fix

  • CloudBees Traditional Platforms should be upgraded to 2.528.1.29783

  • CloudBees Cloud Platforms should be upgraded to 2.528.1.29783