Jenkins developers fixed a critical RCE vulnerability in the popular open source automation server, along with many other issues. The vulnerability could be exploited by a remote unauthenticated attacker to execute arbitrary code on the target system; a hacker just needs to send two specially crafted requests to the affected server. Jenkins developers also fixed a Login command issue that allowed impersonation of any Jenkins user (SECURITY-466 / CVE-2017-1000354) and an XStream issue that could cause a Java crash when trying to instantiate void/Void.
Source: https://securityaffairs.co/wordpress/58916/hacking/jenkins-rce.html

