The following flaw was found in Jenkins:
The XML/JSON API endpoints providing information about installed plugins were missing permissions checks, allowing any user with read access to Jenkins to determine which plugins and versions were installed.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
This issue has been addressed in the following products:
Red Hat OpenShift Enterprise 3.2
Red Hat OpenShift Enterprise 3.1
Via RHSA-2016:1206 https://access.redhat.com/errata/RHSA-2016:1206