191.vcb_f183ce58b_9
amuniz
released this
16 Mar 11:08
·
40 commits
to master
since this release
🐛 Bug fixes
- [SECURITY-2351] CVE-2022-27198 (CSRF), CVE-2022-27199 (permission check)
CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier does not perform a permission check in a method implementing form validation. Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.