The following flaw was found in Jenkins:
The Pipeline suite of plugins stored build metadata in the file program.dat and the directory workflow/. These were not blacklisted in the agent-to-master security subsystem and could therefore be written to by malicious agents.
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1418736]