
Roman Nahornyi

Researcher from Praxis Tech Ltd
#30781 of 53,633
8.5 Total CVSS
Vulnerabilities · 1
PT-2025-28904
8.5
2025-07-09
Jenkins · Jenkins Git Parameter Plugin · CVE-2025-53652
**Name of the Vulnerable Software and Affected Versions**

Jenkins Git Parameter Plugin versions 439.vb_0e46ca_14534 and earlier

**Description**

The Jenkins Git Parameter Plugin does not validate the Git parameter value submitted to a build against the offered choices. This allows attackers with Item/Build permission to inject arbitrary values into Git parameters, potentially leading to command execution. Reports indicate approximately 15,000 Jenkins servers are potentially at risk, some of them exposed without authentication. The vulnerability allows remote code execution (RCE) and could lead to full system compromise, data leakage, and supply chain attacks. The `BRANCH_PARAM` variable is an example of a parameter susceptible to injection; attackers can leverage Git to execute commands. The API endpoint `/job/buildName/build` is involved in the exploitation process, with parameters such as `Jenkins-Crumb` and `BRANCH_PARAM`.

**Recommendations**

Update the Jenkins Git Parameter Plugin to version 444.vca_b_84d3703c2 or later. Verify that the bypass flag `-Dnet.uaznia.lukanus.hudson.plugins.gitparameter.GitParameterDefinition.allowAnyParameterValue=true` is not enabled. Audit the Jenkins configuration and disable unnecessary plugins.
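The recommendations above reduce to two checks a defender can automate: is the installed plugin older than the fixed release, and is the bypass system property set on the controller's JVM. The following Python helper is an added example, not code from dbugs or from the Jenkins project. The version strings and the flag are the ones quoted in the advisory text; the sample inputs are constructed, and the comparison relies on the leading integer of Jenkins-style plugin versions (the part before the first `.`) increasing with each release.

```python
import re

# Version boundaries quoted in the advisory text above.
LAST_VULNERABLE = "439.vb_0e46ca_14534"
FIRST_FIXED = "444.vca_b_84d3703c2"

# JVM system property that re-enables the unsafe behaviour even on a fixed plugin.
BYPASS_FLAG = (
    "-Dnet.uaznia.lukanus.hudson.plugins.gitparameter."
    "GitParameterDefinition.allowAnyParameterValue=true"
)


def leading_number(version: str) -> int:
    """Return the leading integer of a Jenkins-style plugin version.

    Assumption: that integer grows monotonically with each release, so it is
    sufficient for an "older than the fix" comparison (old-style versions such
    as "0.9.19" yield 0 and are correctly treated as older).
    """
    match = re.match(r"\d+", version.strip())
    if not match:
        raise ValueError(f"unrecognised plugin version: {version!r}")
    return int(match.group(0))


def plugin_is_vulnerable(installed_version: str) -> bool:
    """True when the installed plugin predates the first fixed release."""
    return leading_number(installed_version) < leading_number(FIRST_FIXED)


def bypass_flag_enabled(jvm_args: str) -> bool:
    """True when the allowAnyParameterValue=true property is passed to the JVM."""
    return BYPASS_FLAG in jvm_args.split()


def audit(installed_version: str, jvm_args: str) -> list:
    """Apply both checks from the recommendations and return the findings."""
    findings = []
    if plugin_is_vulnerable(installed_version):
        findings.append(
            f"git-parameter {installed_version} is older than {FIRST_FIXED}: update the plugin"
        )
    if bypass_flag_enabled(jvm_args):
        findings.append(
            "allowAnyParameterValue=true is set on the JVM: remove the bypass flag"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample inputs: a controller still on the last vulnerable
    # release and, separately, a patched controller with the bypass flag set.
    for version, args in (
        (LAST_VULNERABLE, "-Xmx2g -Djava.awt.headless=true"),
        (FIRST_FIXED, "-Xmx2g " + BYPASS_FLAG),
        (FIRST_FIXED, "-Xmx2g"),
    ):
        print(version, "->", audit(version, args) or ["no findings"])
```

In practice the plugin version comes from the controller's `plugins/git-parameter.jpi` metadata or the plugin manager, and the JVM arguments from the service definition or process command line; both checks must pass, because the flag undoes the fix on an otherwise patched controller.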