The following flaw was found in Jenkins: An insufficient permission check allowed users with the permission to create new items (e.g. jobs) to overwrite existing items they don't have access to. After a Jenkins restart, children of the original item, such as builds, were then accessible in some circumstances. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01 Upstream patch: https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89
Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1418736]