jenkins-2-plugins is vulnerable to OS command injection. The vulnerability exists due to a lack of sanitization for distinct SCMs for the readTrusted step allowing an attacker with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.