jenkins -- slave-originated arbitrary code execution on master servers

Kohsuke Kawaguchi from Jenkins team reports:

Historically, Jenkins master and slaves behaved as if
they altogether form a single distributed process. This
means a slave can ask a master to do just about anything
within the confinement of the operating system, such as
accessing files on the master or trigger other jobs on
Jenkins.
This has increasingly become problematic, as larger
enterprise deployments have developed more sophisticated
trust separation model, where the administators of a master
might take slaves owned by other teams. In such an
environment, slaves are less trusted than the master.
Yet the “single distributed process” assumption was not
communicated well to the users, resulting in vulnerabilities
in some deployments.
SECURITY-144 (CVE-2014-3665) introduces a new subsystem
to address this problem. This feature is off by default for
compatibility reasons. See Wiki for more details, who should
turn this on, and implications.
CVE-2014-3566 is rated high. It only affects
installations that accept slaves from less trusted
computers, but this will allow an owner of of such slave to
mount a remote code execution attack on Jenkins.