Reported by Jesse Glick: Multiple CSRF flaws exist in Jenkins; one allows remote users with the "ADMINISTER" privilege to run Jelly scripts, which would allow arbitrary Java code execution.
This is now public.

External References:

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
https://issues.jenkins-ci.org/browse/SECURITY-63
https://issues.jenkins-ci.org/browse/SECURITY-69
This issue has been addressed in the following products:

  Red Hat OpenShift Enterprise 1.2

Via RHEA-2013:1032 https://rhn.redhat.com/errata/RHEA-2013-1032.html