I got an e-mail about this via CloudBees but wanted to make sure that list members
were also aware (I didn't see one):
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
Excerpt from security announcement link above:
Severity:
CloudBees rates these vulnerabilities as high, when combined, as they allow
malicious users to gain unauthorized access to the information and impersonate
the administrator of the system. On the other hand, this attack can be only
mounted passively, and the attacker needs to know the URL of your Jenkins
installations.
Fix:
* Main line users should upgrade to Jenkins 1.491
* LTS users should upgrade to 1.480.1
Request to CloudBees: please send a notification of this out on the Jenkins
user list too.