Jenkins Incorrect Permission Assignment for Critical Resource Vulnerability - CVE-2017-2612
In Jenkins before versions 2.44 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392) resulting in future builds possibly failing to download a JDK.