OS Command Injection
Jenkins Play Framework Plug lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master.