Several administration/configuration related URLs could be accessed using GET, which allowed attackers to circumvent CSRF protection. This could allow unprivileged attackers to perform some administrative actions via CSRF.

External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
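The flaw class described above, as an added illustration that is not Jenkins code or code from the advisory: a CSRF token check enforced only on unsafe methods does nothing for a state-changing handler that also answers GET, and restricting the handler to POST closes the gap. The filter, the handler names, the `crumb` parameter name and the token value are a constructed model.

```python
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def csrf_filter(method, params, session_token):
    """Token check enforced on unsafe methods only (assumed model of the filter)."""
    if method in SAFE_METHODS:
        return True
    return hmac.compare_digest(params.get("crumb", ""), session_token)

def require_post(handler):
    """Hardening: mark a state-changing handler so non-POST requests get 405."""
    handler.require_post = True
    return handler

def dispatch(handler, method, params, session_token, state):
    if getattr(handler, "require_post", False) and method != "POST":
        return 405
    if not csrf_filter(method, params, session_token):
        return 403
    handler(params, state)
    return 200

def set_config_weak(params, state):
    # Changes state but accepts any method, so GET skips the token check.
    state["mode"] = params["mode"]

@require_post
def set_config_hardened(params, state):
    state["mode"] = params["mode"]

def demo():
    token = "constructed-session-crumb"      # constructed sample value
    forged_get = ("GET", {"mode": "open"})   # cross-site request, no crumb
    out = {}
    for name, h in (("weak", set_config_weak), ("hardened", set_config_hardened)):
        state = {"mode": "locked"}
        out[name] = (dispatch(h, *forged_get, token, state), state["mode"])
    state = {"mode": "locked"}
    out["forged_post"] = dispatch(set_config_hardened, "POST",
                                  {"mode": "open"}, token, state)
    out["legit_post"] = dispatch(set_config_hardened, "POST",
                                 {"mode": "open", "crumb": token}, token, state)
    return out

if __name__ == "__main__":
    print(demo())
```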
Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1291799]
This issue has been addressed in the following products: RHEL 7 Version of OpenShift Enterprise 3.1 Via RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070
This issue has been addressed in the following products: Red Hat OpenShift Enterprise 2.2 Via RHSA-2016:0489 https://rhn.redhat.com/errata/RHSA-2016-0489.html