Jenkins Security Advisory 2012-11-20 The third vulnerability is a cross-site scripting vulnerability that allows an attacker with some degree of write access in Jenkins to embed malicious JavaScript into pages generated by Jenkins. Fix: Main line users should upgrade to Jenkins 1.491 LTS users should upgrade to 1.480.1 External URLs: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
This issue has been addressed in following products: RHEL 6 Version of OpenShift Enterprise Via RHSA-2013:0220 https://rhn.redhat.com/errata/RHSA-2013-0220.html