This advisory announces a vulnerability in the Maven Pipeline Plugin 0.6.
Due to an improperly performed plugin release, version 0.6 of the Maven Pipeline Plugin is still affected by the vulnerability originally announced in the 2017-03-07 security advisory:
The Maven Pipeline Plugin allowed users to copy and read arbitrary files accessible from the Jenkins controller process in a Pipeline script by specifying that file’s path on the Jenkins controller as
Maven Pipeline Plugin version 0.6 and earlier, and 2.0-beta-5 and earlier. 2.0-beta-6 has been released correctly.