CVE-2022-30951

EUVD-2022-4679
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
jenkinswmi_windows_agents
𝑥
< 1.8.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604
http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604