So, to exploit this, someone needs to have setup a Jenkins that allows unauthenticated users to execute a pipeline that uses the git parameters plugin to chose the branch/tag at execution time.
I can’t think of a good reason to do that that doesnt open up a ton of other risks.
Unauthenticated Jenkins is just RCE as a Service right?
Edit:
https://www.vulncheck.com/blog/git-parameter-rce
So, to exploit this, someone needs to have setup a Jenkins that allows unauthenticated users to execute a pipeline that uses the git parameters plugin to chose the branch/tag at execution time.
I can’t think of a good reason to do that that doesnt open up a ton of other risks.