Jenkins Security Advisory SECURITY-144 notes:
Build slave processes can execute arbitrary code on Jenkins master, which makes Jenkins vulnerable from attacks that go through its build slaves.
Red Hat would like to thank the Jenkins project for reporting this issue.
Accidentally closed this bug, it is not yet fixed by upstream.
This issue is public now:
This issue has been addressed in the following products:
Red Hat OpenShift Enterprise 2.1
Via RHBA-2014:1630 https://rhn.redhat.com/errata/RHBA-2014-1630.html