by jbverschoor 1817 days ago
Depending on the implementation of your job framework you can either:

- run jobs that aren’t supposed to run (removing an account, for example, if that’s scheduled after a 2-week grace period), maybe an export or import job. Can be anything, of course

- if your job runner allows scripts, or arbitrary class methods, you can do whatever you want

- you can remove jobs if you feel like it

- if you can escape Redis because of whatever exploit, you now have access to the internal network

In general I use Sidekiq, but Resque and inspired implementations generally work on simply calling perform(), so any class with such a method can be called, depending on the type system.

The biggest two issues are the ability to perform any defined task, and the larger attack surface of an exposed Redis server.
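
A worker-side check against the risks listed in the comment above, as an added example that is not part of the original comment and is not Sidekiq or Resque code: the worker only runs jobs whose body carries a valid HMAC, whose class is in a fixed allowlist, and whose grace period has passed. The job classes, `JOB_KEY`, the envelope fields (`body`, `mac`, `not_before`) and all function names are assumptions made for the illustration.

```ruby
require "json"
require "openssl"

# Constructed worker classes standing in for an application's jobs.
class ExportJob
  def self.perform(account_id)
    "exported #{account_id}"
  end
end

class DeleteAccountJob
  def self.perform(account_id)
    "deleted #{account_id}"
  end
end

class RejectedJob < StandardError; end

# Assumption: key known to the enqueuing app and the workers, never stored in Redis.
JOB_KEY = "constructed-demo-key"
# Class names resolve through this fixed map, never via const_get on queue data.
ALLOWED_JOBS = { "ExportJob" => ExportJob, "DeleteAccountJob" => DeleteAccountJob }.freeze

def sign(body)
  OpenSSL::HMAC.hexdigest("SHA256", JOB_KEY, body)
end

# What the application writes to the queue: the job body plus a MAC over it.
def enqueue_payload(klass, args, not_before = 0)
  body = JSON.generate("class" => klass, "args" => args, "not_before" => not_before)
  JSON.generate("body" => body, "mac" => sign(body))
end

# Constant-time string comparison for the MAC check.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# What the worker does with whatever it popped from Redis.
def safe_dispatch(raw, now = Time.now.to_i)
  envelope = JSON.parse(raw)
  raise RejectedJob, "malformed envelope" unless envelope.is_a?(Hash)
  body, mac = envelope.values_at("body", "mac")
  raise RejectedJob, "bad MAC" unless body.is_a?(String) && mac.is_a?(String) && secure_eq(sign(body), mac)
  job = JSON.parse(body)
  klass = ALLOWED_JOBS[job["class"]]
  raise RejectedJob, "class not allowed" unless klass
  raise RejectedJob, "not due yet" if now < job["not_before"].to_i
  klass.perform(*Array(job["args"]))
end
```

Signing does not stop anyone with write access to Redis from deleting jobs or replaying ones that were already signed, so the Redis server still needs authentication and must not be reachable from untrusted networks.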