access script file in Jenkins lead to rce

[shadihh9]

summery
i found bug access script file in Jenkins lead to rce and see seleniumbase
step to create
1-go to http://168.61.38.168/_script and see access script file in Jenkins lead to rce
2- and go to http://168.61.38.168/job/Test1/lastBuild/console and see seleniumbase
impact
can attacker access script file in Jenkins lead to rce

[mdmintz]

Not sure what you mean by "rce", but it's up to you to secure your own Jenkins instances.
The test_suite.py example has 4 tests (2 of which fail on purpose).