Security Advisories

CloudBees CI Security Advisory2025-10-15

This advisory announces vulnerabilities in 

,

and

CloudBees CI

List/Move/Copy/Promote remote permission checks do not work for "trusted controller" security enforcement setting

BEE-56890

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L]

Description:

Operations Center Context Plugin 3.27808 and earlier do not apply the Authentication Mapping when listing jobs or executing Move/Copy/Promote job operations in other controllers.

This allows users on untrusted controllers to list jobs or execute Move/Copy/Promote job operations in other controllers.

Operations Center Context Plugin 3.27828 properly applies the Authentication Mapping for these operations.

[!NOTE]

These insecure operations that were allowed in previous versions will be blocked from this version. In case this is a desired behaviour, you need to modify the controller Authentication Mapping to Trusted for the affected controllers.

[/]

Severity

Fix

  • CloudBees Traditional Platforms should be upgraded to 2.528.1.29783
  • CloudBees Cloud Platforms should be upgraded to 2.528.1.29783

Subscription confirmed

You'll now be notified automatically when new vulnerabilities
are disclosed