The following flaw was found in Jenkins:
Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1311952]
Comment 3 Fedora Update System
2016-03-17 20:54:22 UTC
jenkins-1.625.3-3.fc23, jenkins-remoting-2.53.3-1.fc23 have been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System
2016-03-17 21:21:22 UTC
jenkins-1.609.3-6.fc22, jenkins-remoting-2.53.3-1.fc22 have been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
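
A check an administrator could run over installed package names, added here as an example; it is not part of the bug report or of Fedora's tooling. It assumes the builds named in comments 3 and 4 are the minimum fixed builds for each release, uses a simplified RPM version comparison, and the installed-package list is constructed.

```python
import re

# Builds named in comments 3 and 4 of this bug, keyed by dist tag.
# Assumption: these are treated as the minimum fixed builds per release.
FIXED = {
    "fc23": {"jenkins": "1.625.3-3", "jenkins-remoting": "2.53.3-1"},
    "fc22": {"jenkins": "1.609.3-6", "jenkins-remoting": "2.53.3-1"},
}

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, tilde or caret): returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # compare 10 > 6, not "10" < "6"
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvr(nvr):
    """Split 'name-version-release.dist' into (name, version, release, dist)."""
    name, version, release = nvr.rsplit("-", 2)
    release, _, dist = release.rpartition(".")
    return name, version, release, dist

def status(nvr):
    """'fixed', 'outdated', or 'unknown' (package or release not in FIXED)."""
    try:
        name, version, release, dist = parse_nvr(nvr)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(dist, {}).get(name)
    if fixed is None:
        return "unknown"
    fixed_version, fixed_release = fixed.split("-")
    cmp = vercmp(version, fixed_version) or vercmp(release, fixed_release)
    return "fixed" if cmp >= 0 else "outdated"

# Constructed sample input, in the name-version-release form used on this page.
INSTALLED = ["jenkins-1.625.3-2.fc23", "jenkins-1.609.3-10.fc22",
             "jenkins-remoting-2.53.2-4.fc22", "jenkins-1.625.3-3.fc24"]

if __name__ == "__main__":
    for nvr in INSTALLED:
        print(f"{nvr}: {status(nvr)}")
```

Plain `rpm -q` output carries an architecture suffix; `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' jenkins jenkins-remoting` produces the form this script expects.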