CVE-2022-30951
https://notcve.org/view.php?id=CVE-2022-30951
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in. El plugin Jenkins WMI Windows Agents versiones 1.8 y anteriores, incluyen la librería Windows Remote Command no implementa el control de acceso, permitiendo potencialmente a usuarios iniciar procesos incluso si no presentan permiso para iniciar sesión • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604 • CWE-862: Missing Authorization •
CVE-2022-30950
https://notcve.org/view.php?id=CVE-2022-30950
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. El plugin Jenkins WMI Windows Agents versiones 1.8 y anteriores, incluye la biblioteca Windows Remote Command que presenta una vulnerabilidad de desbordamiento de búfer que puede permitir a usuarios capaces de conectarse a una tubería con nombre ejecutar comandos en la máquina del agente Windows • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2604 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •