CVE-2022-30950: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

May 18, 2022 (updated June 2, 2022)

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.

References

www.openwall.com/lists/oss-security/2022/05/17/8
github.com/advisories/GHSA-xhw3-wmx2-76wf
github.com/jenkinsci/windows-slaves-plugin/commit/4638cf0e56caf839eadfdf0fab545abd2a9ac65e
nvd.nist.gov/vuln/detail/CVE-2022-30950
www.jenkins.io/security/advisory/2022-05-17/

Detect and mitigate CVE-2022-30950 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →