The following flaw was found in Jenkins: Overall/Read permission was sufficient to access node monitor data via the remote API. These included system configuration and runtime information of these nodes. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01 Upstream patch: https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899
Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1418736]