The fix is released as 1.438 and 1.409.3, so please upgrade to the new
releases. See [1] for more details.
[1]
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
--
Kohsuke Kawaguchi http://kohsuke.org/