The following flaw was found in Jenkins: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1311952]
jenkins-1.625.3-3.fc23, jenkins-remoting-2.53.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
jenkins-1.609.3-6.fc22, jenkins-remoting-2.53.3-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat OpenShift Enterprise 3.1 Via RHSA-2016:0711 https://access.redhat.com/errata/RHSA-2016:0711
This issue has been addressed in the following products: Red Hat OpenShift Enterprise 2.2 Via RHSA-2016:1773 https://rhn.redhat.com/errata/RHSA-2016-1773.html