PT-2022-20406 · Jenkins · Jenkins WMI Windows Agents Plugin

Kalle Niemitalo · Published 2022-05-17 · Updated 2023-11-03 · CVE-2022-30951

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Jenkins WMI Windows Agents Plugin versions 1.8 and earlier

Description

The Jenkins WMI Windows Agents Plugin includes the Windows Remote Command library, which does not implement access control. This potentially allows users to start processes even if they are not allowed to log in. The library provides a general-purpose remote command execution capability, which may allow users to execute commands on the Windows agent machine due to a buffer overflow vulnerability.

Recommendations

For Jenkins WMI Windows Agents Plugin versions 1.8 and earlier, update to version 1.8.1 or later, which no longer includes the Windows Remote Command library. Ensure a Java runtime is available on agent machines, as version 1.8.1 does not install a JDK automatically.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2022-30951
GHSA-P566-WPXX-574M

Affected Products

Jenkins
Jenkins WMI Windows Agents Plugin