Jenkins before LTS version 2.121.3 and weekly version 2.138 are vulnerable to a denial of service.
The form validation for cron expressions (e.g. "Poll SCM", "Build periodically") could enter infinite loops when cron expressions only matching certain rare dates were entered, blocking request handling threads indefinitely.
External Reference:
https://jenkins.io/security/advisory/2018-08-15/#SECURITY-790
OpenShift Container Platform 3.x uses cgroups to limit the CPU allocated to pods by default. Any denial of service caused by this issue would be limited to the user's own Jenkins instance and won't affect other users on the same compute node.