The following flaw was found in Jenkins:
Agents that were disconnected by users contained the disconnecting user's User object in serialized form in the config.xml remote API output. This could leak sensitive data such as API tokens.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):