The following flaw was found in Jenkins: The Pipeline suite of plugins stored build metadata in the file program.dat and the directory workflow/. These were not blacklisted in the agent-to-master security subsystem and could therefore be written to by malicious agents. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01 Upstream patch: https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655
Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1418736]