Reported by Jesse Glick: The build description can contain an HTML link directive which will load a remote stylesheet. Attackers require the ability to create/modify jobs/builds in order to modify the build description.
This is now public.

External references:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
https://issues.jenkins-ci.org/browse/SECURITY-67
This issue has been addressed in the following products:

Red Hat OpenShift Enterprise 1.2

Via RHEA-2013:1032 https://rhn.redhat.com/errata/RHEA-2013-1032.html
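
A defender-side audit for the behaviour described in the report, as an added example that is not part of the original bug report or of Jenkins itself: it parses build description strings and flags any `<link>` element whose `href` points at another host. The job names, sample descriptions and the function name `audit_descriptions` are constructed for illustration; how descriptions are exported from a Jenkins instance is assumed to happen elsewhere.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkAudit(HTMLParser):
    """Collects the href of every <link> element that targets a remote host."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.remote_hrefs = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <LINK HREF=...>
        # is seen here as tag "link" with attribute "href".
        if tag != "link":
            return
        href = (dict(attrs).get("href") or "").strip()
        # A non-empty netloc means an absolute or protocol-relative URL,
        # i.e. the browser would fetch the resource from another host.
        if urlparse(href).netloc:
            self.remote_hrefs.append(href)


def audit_descriptions(descriptions):
    """Map each build whose description loads a remote <link> to its hrefs."""
    flagged = {}
    for build, html in descriptions.items():
        parser = LinkAudit()
        parser.feed(html)
        parser.close()
        if parser.remote_hrefs:
            flagged[build] = parser.remote_hrefs
    return flagged


# Constructed sample input: build identifier -> stored description HTML.
SAMPLE = {
    "job-a #12": 'Nightly build, see <a href="/job/job-a/12/console">console</a>',
    "job-b #3": 'ok <LINK REL="stylesheet" HREF="https://styles.example.test/x.css">',
    "job-c #7": "<link rel=stylesheet href=//styles.example.test/y.css>",
    "job-d #1": '<link rel="stylesheet" href="/static/local.css">',
}

if __name__ == "__main__":
    for build, hrefs in audit_descriptions(SAMPLE).items():
        print(f"{build}: remote <link> -> {', '.join(hrefs)}")
```
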