PT-2022-20405 · Jenkins · Jenkins WMI Windows Agents Plugin (+1)

Kalle Niemitalo

Published: 2022-05-17
Updated: 2023-11-03

CVE-2022-30950

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins WMI Windows Agents Plugin versions 1.8 and earlier

Description: The issue is a buffer overflow in the Windows Remote Command library bundled with the Jenkins WMI Windows Agents Plugin. Jenkins uses this library to run commands on Windows agent machines, specifically to check whether Java is available and to install it if it is not. The vulnerability may allow any user who can connect to the library's named pipe to execute commands on the agent machine. In addition, the library performs no access control of its own, so users who are not permitted to log in to the machine may still be able to start processes on it.

Recommendations: For Jenkins WMI Windows Agents Plugin versions 1.8 and earlier, update to version 1.8.1 or later, which no longer ships the vulnerable Windows Remote Command library. Note that version 1.8.1 requires a Java runtime to already be present on agent machines; it does not install a JDK automatically when one is missing.

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2022-30950
GHSA-XHW3-WMX2-76WF

Affected Products

Jenkins
Jenkins Wmi Windows Agents Plugin