Jenkins Security Advisory SECURITY-144 notes: Build slave processes can execute arbitrary code on Jenkins master, which makes Jenkins vulnerable from attacks that go through its build slaves.
Acknowledgements: Red Hat would like to thank the Jenkins project for reporting this issue.
Accidentally closed this bug, it is not yet fixed by upstream.
This issue is public now: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
This issue has been addressed in the following products: Red Hat OpenShift Enterprise 2.1 Via RHBA-2014:1630 https://rhn.redhat.com/errata/RHBA-2014-1630.html