A user can see a job (or a build) of a project whose he is not member of.
Let's assume the job 'develop' has been declared on a projet P2.
As a member of a projet P1 (and not P2), if I create a reference 'job #develop' inside an artefact, the system build a link on its job. If I click on this link, the page (action=view_job) display the URL of the job.
I should not see this page since I'm not member of this project.
This issue is especially critic in the (usual) case the URL contains jenkins personal credential (http://username