CVE-2022-30951: Missing Authorization

May 18, 2022 (updated June 2, 2022)

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they’re not allowed to log in.

References

www.openwall.com/lists/oss-security/2022/05/17/8
github.com/advisories/GHSA-p566-wpxx-574m
github.com/jenkinsci/windows-slaves-plugin/commit/4638cf0e56caf839eadfdf0fab545abd2a9ac65e
nvd.nist.gov/vuln/detail/CVE-2022-30951
www.jenkins.io/security/advisory/2022-05-17/

Detect and mitigate CVE-2022-30951 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →