We have received a report of a possible unauthenticated remote code execution vulnerability in Jenkins (all versions).
We strongly advise anyone running a Jenkins instance on a public network disable the CLI for now.
As this uses the same attack vector as SECURITY-218, you can reuse the script and instructions published in this repository:
https://github.com/jenkinsci-cert/SECURITY-218
I will update this thread when we have more information.