The following flaw was found in Jenkins:
A missing permissions check allowed any user with access to Jenkins to trigger an update of update site metadata. This could be combined with DNS cache poisoning to disrupt Jenkins service.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
This issue has been addressed in the following products:
Red Hat OpenShift Enterprise 3.2
Red Hat OpenShift Enterprise 3.1
Via RHSA-2016:1206 https://access.redhat.com/errata/RHSA-2016:1206