Jenkins Security Advisory 2014-02-14 notes: "CLI job creation had a directory traversal vulnerability. This allows a malicious user of Jenkins with a limited set of permissions to overwrite files in the Jenkins master and escalate privileges." Upstream fix: https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
This issue has been addressed in the following products: Red Hat OpenShift Enterprise 2.1 Via RHBA-2014:1630 https://rhn.redhat.com/errata/RHBA-2014-1630.html