So, to exploit this, someone needs to have setup a Jenkins that allows unauthenticated users to execute a pipeline that uses the git parameters plugin to chose the branch/tag at execution time.
I can’t think of a good reason to do that that doesnt open up a ton of other risks.
threaded - newest
Unauthenticated Jenkins is just RCE as a Service right?
Edit:
www.vulncheck.com/blog/git-parameter-rce
So, to exploit this, someone needs to have setup a Jenkins that allows unauthenticated users to execute a pipeline that uses the git parameters plugin to chose the branch/tag at execution time.
I can’t think of a good reason to do that that doesnt open up a ton of other risks.