Hi Moritz, If I'm not mistaken this vulnerability is actually linked to a dangerous deserialization in commons-collections if the input isn't properly sanitized. I intend to upload a modification of commons-collections to address this issue in Jenkins and the other applications potentially affected.
Emmanuel Bourg