• Type: Bug
• Resolution: Fixed
• Priority: Blocker
• Component/s: scriptler-plugin
• Labels:

  None

[JENKINS-44243] Script management vulnerable to Cross-Site Request Forgery attacks

Collapse comment: Ioannis Moutsatsos added a comment - 2017-05-25 13:41

Ioannis Moutsatsos added a comment - 2017-05-25 13:41

imod thank you for working to close several of the issues:

• -JENKINS-44242- Persistent cross-site scripting
• -JENKINS-44243- Script management vulnerable to Cross-Site Request Forgery attacks
• -JENKINS-44245- Scriptler Plugin allows any Scriptler script to be executed as build step

Any idea when will these be released into a new version of Scriptler? I think a lot of people are excited to get a new version that clears the security concerns including us that support the Active-Choices plugin, a major benefactor of the Scriptler functionality. Best regards, Ioannis

Expand comment: Ioannis Moutsatsos added a comment - 2017-05-25 13:41

Ioannis Moutsatsos added a comment - 2017-05-25 13:41 imod thank you for working to close several of the issues: - JENKINS-44242 - Persistent cross-site scripting - JENKINS-44243 - Script management vulnerable to Cross-Site Request Forgery attacks - JENKINS-44245 - Scriptler Plugin allows any Scriptler script to be executed as build step Any idea when will these be released into a new version of Scriptler? I think a lot of people are excited to get a new version that clears the security concerns including us that support the Active-Choices plugin, a major benefactor of the Scriptler functionality. Best regards, Ioannis