All the vulnerabilites related to Jenkins project - Jenkins WMI Windows Agents Plugin
cve-2022-30950
Vulnerability from cvelistv5
Published
2022-05-17 14:06
Modified
2024-08-03 07:03
Severity
Summary
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.
References
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2022/05/17/8 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product |
|---|---|
| Jenkins project | Jenkins WMI Windows Agents Plugin |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:39.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604"
},
{
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins WMI Windows Agents Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:21:45.093Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604"
},
{
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-30950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins WMI Windows Agents Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.8"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604"
},
{
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-30950",
"datePublished": "2022-05-17T14:06:12",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T07:03:39.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30951
Vulnerability from cvelistv5
Published
2022-05-17 14:06
Modified
2024-08-03 07:03
Severity
Summary
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.
References
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2022/05/17/8 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product |
|---|---|
| Jenkins project | Jenkins WMI Windows Agents Plugin |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:39.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604"
},
{
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins WMI Windows Agents Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they\u0027re not allowed to log in."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:21:46.281Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604"
},
{
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-30951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins WMI Windows Agents Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.8"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they\u0027re not allowed to log in."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604"
},
{
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-30951",
"datePublished": "2022-05-17T14:06:14",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T07:03:39.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}