If token macro processing via Token Macro Plugin is allowed, the evaluation of macro is done in System Groovy, therefore any user can run arbitrary system script, regardless he has administer permission!
- Expansion of job parameters (JENKINS-10525)
- Full access to JAVA_OPTS (i.e. parameters like -Xmx can be set up)
- Editable class path