Kalle Niemitalo

**Name of the Vulnerable Software and Affected Versions** NuGet versions 6.6.0 and earlier NuGet versions 6.5.0 and earlier NuGet versions 6.4.1 and earlier NuGet versions 6.3.2 and earlier NuGet versions 6.2.3 and earlier NuGet versions 6.0.4 and earlier NuGet version 5.11.4 .NET SDK versions 7.0.106 and earlier, or 7.0.303 and earlier .NET SDK versions 6.0.117 and earlier, or 6.0.312 and earlier, or 6.0.409 and earlier **Description** A vulnerability exists in NuGet and .NET on Linux, where a potential race condition can lead to a symlink attack. This issue allows a remote attacker to execute arbitrary code. The vulnerability is related to errors in synchronization when using a shared resource. Non-Linux platforms are not affected. **Recommendations** If you're using NuGet.exe 6.6.0 or lower, download and install 6.6.1 from https://dist.nuget.org/win-x86-commandline/v6.6.1/nuget.exe. If you're using NuGet.exe 6.5.0 or lower, download and install 6.5.1 from https://dist.nuget.org/win-x86-commandline/v6.5.1/nuget.exe. If you're using NuGet.exe 6.4.1 or lower, download and install 6.4.2 from https://dist.nuget.org/win-x86-commandline/v6.4.2/nuget.exe. If you're using NuGet.exe 6.3.2 or lower, download and install 6.3.3 from https://dist.nuget.org/win-x86-commandline/v6.3.3/nuget.exe. If you're using NuGet.exe 6.2.3 or lower, download and install 6.2.4 from https://dist.nuget.org/win-x86-commandline/v6.2.4/nuget.exe. If you're using NuGet.exe 6.0.4 or lower, download and install 6.0.5 from https://dist.nuget.org/win-x86-commandline/v6.0.5/nuget.exe. If you're using NuGet.exe 5.11.4 or lower, download and install 5.11.5 from https://dist.nuget.org/win-x86-commandline/v5.11.5/nuget.exe. If you're using .NET 7.0, download and install Runtime 7.0.7 or SDK 7.0.107 or SDK 7.0.304 from https://dotnet.microsoft.com/download/dotnet-core/7.0. If you're using .NET 6.0, download and install Runtime 6.0.18 or SDK 6.0.118 or SDK 6.0.312 from https://dotnet.microsoft.com/download/dotnet-core/6.0.

**Name of the Vulnerable Software and Affected Versions** Jenkins WMI Windows Agents Plugin versions 1.8 and earlier **Description** The issue is related to a buffer overflow vulnerability in the Windows Remote Command library included in the Jenkins WMI Windows Agents Plugin. This vulnerability may allow users who can connect to a named pipe to execute commands on the Windows agent machine. The library provides a remote command execution capability used by Jenkins to check for and install Java if it's not available. Additionally, the library lacks access control, potentially allowing users to start processes even if they are not permitted to log in. **Recommendations** For Jenkins WMI Windows Agents Plugin versions 1.8 and earlier, update to version 1.8.1 or later, which no longer includes the vulnerable Windows Remote Command library. Note that version 1.8.1 requires a Java runtime to be available on agent machines and does not install a JDK automatically if it's missing.

**Name of the Vulnerable Software and Affected Versions** Jenkins WMI Windows Agents Plugin versions 1.8 and earlier **Description** The Jenkins WMI Windows Agents Plugin includes the Windows Remote Command library, which does not implement access control. This potentially allows users to start processes even if they are not allowed to log in. The library provides a general-purpose remote command execution capability, which may allow users to execute commands on the Windows agent machine due to a buffer overflow vulnerability. **Recommendations** For Jenkins WMI Windows Agents Plugin versions 1.8 and earlier, update to version 1.8.1 or later, which no longer includes the Windows Remote Command library. Ensure a Java runtime is available on agent machines, as version 1.8.1 does not install a JDK automatically.

Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Next Generation Plugin versions 1.0.1 and earlier Description: A cross-site scripting issue exists that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. This is due to vulnerabilities in several Java files, including `DetailsTableModel.java`, `SourceDetail.java`, `SourcePrinter.java`, `Sanitizer.java`, and `DuplicateCodeScanner.java`. Recommendations: For Jenkins Warnings Next Generation Plugin versions 1.0.1 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the warnings parser input to minimize the risk of arbitrary HTML rendering.

**Name of the Vulnerable Software and Affected Versions** Jenkins HTML Publisher Plugin versions 1.15 and older **Description** A path traversal issue exists in the HtmlPublisherTarget.java file, allowing attackers who can configure the HTML Publisher build step to override arbitrary files on the Jenkins master. This issue is related to the handling of report names, which in vulnerable versions do not properly escape non-alphanumeric characters for use as part of a URL and as a directory name. **Recommendations** For Jenkins HTML Publisher Plugin versions 1.15 and older, update to version 1.16 or newer, which escapes non-alphanumeric characters in report names for use as part of a URL and as a directory name, addressing the path traversal issue.