A pair of security vulnerabilities have been discovered in Jenkins, a popular open-source automation server, that could allow attackers to read arbitrary files from the Jenkins controller file system and potentially lead to remote code execution (RCE).
https://cybersecuritynews.com/jenkins-vulnerability/