Jenkins is vulnerable to XML external entity attacks. The vulnerability allows users with read access to Jenkins to retrieve arbitrary XML documents on the server, resulting in the exposure of sensitive information inside/outside Jenkins.
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1062253
bugzilla.redhat.com/show_bug.cgi?id=1128567
bugzilla.redhat.com/show_bug.cgi?id=1130028
bugzilla.redhat.com/show_bug.cgi?id=1138522
bugzilla.redhat.com/show_bug.cgi?id=1152524
bugzilla.redhat.com/show_bug.cgi?id=1160699
bugzilla.redhat.com/show_bug.cgi?id=1171815
bugzilla.redhat.com/show_bug.cgi?id=1191283
bugzilla.redhat.com/show_bug.cgi?id=1197123
bugzilla.redhat.com/show_bug.cgi?id=1197576
bugzilla.redhat.com/show_bug.cgi?id=1205625
bugzilla.redhat.com/show_bug.cgi?id=1216206
bugzilla.redhat.com/show_bug.cgi?id=1217572
bugzilla.redhat.com/show_bug.cgi?id=1221931
bugzilla.redhat.com/show_bug.cgi?id=1225943
bugzilla.redhat.com/show_bug.cgi?id=1226061
bugzilla.redhat.com/show_bug.cgi?id=1227501
bugzilla.redhat.com/show_bug.cgi?id=1228373
bugzilla.redhat.com/show_bug.cgi?id=1229300
bugzilla.redhat.com/show_bug.cgi?id=1232827
bugzilla.redhat.com/show_bug.cgi?id=1232921
bugzilla.redhat.com/show_bug.cgi?id=1241750
bugzilla.redhat.com/show_bug.cgi?id=1257757
bugzilla.redhat.com/show_bug.cgi?id=1264039
bugzilla.redhat.com/show_bug.cgi?id=1264210
bugzilla.redhat.com/show_bug.cgi?id=1264216
jenkins.io/security/advisory/2015-02-27/
rhn.redhat.com/errata/RHSA-2015-1844.html