This affects all the releases up to 1.446 and up to 1.424.1.
The fix is released as 1.447 and 1.424.2, so please upgrade to the new
releases, especially if your Jenkins is internet facing. See [1] for
more details.
[1]
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
--
Kohsuke Kawaguchi http://kohsuke.org/