A user of cloudbees-template somehow wound up with a template that specified a publisher in the <builders> section of a config.xml template. When Jenkins was next restarted, the job failed to load. The log file shows

java.lang.ClassCastException: hudson.plugins.descriptionsetter.DescriptionSetterPublisher cannot be cast to hudson.tasks.Builder
    at hudson.model.Project.createTransientActions(Project.java:237)
    at hudson.model.AbstractProject.updateTransientActions(AbstractProject.java:743)
    at hudson.model.AbstractProject.onLoad(AbstractProject.java:332)
    at hudson.model.Project.onLoad(Project.java:95)
    at hudson.model.Items.load(Items.java:279)
    at jenkins.model.Jenkins$17.run(Jenkins.java:2656)
    at ...

The CCE seems to be in

for (BuildStep step : getBuildersList()) {

meaning that the builders field in config.xml contained something that was not a Builder. As far as I know this remains vulnerable in Jenkins trunk despite the recent fix of JENKINS-22811 in adjoining code. Probably onLoad needs to scan the list for illegal elements, and if it finds any, remove them and call OldDataMonitor.report. (This could be a utility method in DescribableList.)