The following flaw was found in Jenkins: Unsafe deserialization allows unauthenticated remote attackers to run arbitrary code on the Jenkins master. This flaw could allow unauthenticated remote attackers to run arbitrary code on Jenkins. Mitigation: https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Fixed in Fedora in: jenkins-1.609.3-3.fc22 jenkins-1.625.2-2.fc23 jenkins-1.625.2-2.fc24
CVE assignment: http://seclists.org/oss-sec/2015/q4/307
This issue has been addressed in the following products: RHEL 7 Version of OpenShift Enterprise 3.1 Via RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070
This issue has been addressed in the following products: Red Hat OpenShift Enterprise 2.2 Via RHSA-2016:0489 https://rhn.redhat.com/errata/RHSA-2016-0489.html