This advisory announces security vulnerabilities in Jenkins core.
An attacker without any access to Jenkins can lure a user into visiting a carefully crafted URL and thereby have the user execute unintended actions. This vulnerability can be used to attack Jenkins instances located behind firewalls from outside, so long as the location of Jenkins is known to the attacker.
SECURITY-171/SECURITY-177 are rated high. They are passive attacks (they require a victim user to visit an attacker-controlled URL), but they can result in a compromise of the Jenkins controller or loss of data.
SECURITY-180 is rated critical. This attack can be mounted by any unauthenticated user without victim interaction, and it results in a compromise of the Jenkins controller or loss of data.
The Jenkins project would like to thank the following people for finding the vulnerabilities:
Jesse Glick for finding SECURITY-171
Luca Carettoni for finding SECURITY-177
Missoum Said for finding SECURITY-180