The system groovy script, OTOH, runs inside the Hudson master's JVM. Thus it will have access to all the internal objects of Hudson, so you can use this to alter the state of Hudson.
Token macro plugin support
Groovy plugin provides support for Token Macro Plugin.
If token macro processing via Token Macro Plugin is allowed, the evaluation of macro is done in System Groovy, therefore <span style="color:red"><any user can run arbitrary system script</u></span>, regardless he has administer permission!
Release 1.7 (2011-03-09)
Release 1.6 (2011-02-08)
- Fixed security issue