Jenkins Pipeline in Groovy Plugin is vulnerable to arbitrary code execution attacks. This exists in the src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java
which allows attackers to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.