4.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-30951

GHSA ID

GHSA-p566-wpxx-574m

EPSS Score

0.74815%

CWE

CWE-862

Published

5/18/2022

Updated

1/28/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-30951

CVE-2022-30951: Missing Authorization in Jenkins WMI Windows Agents plugin

WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library. It provides a general-purpose remote command execution capability that Jenkins uses to check if Java is available, and if not, to install it.

This library has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.

Additionally, while the processes are started as the user who connects to the named pipe, no access control takes place, potentially allowing users to start processes even if they’re not allowed to log in.

WMI Windows Agents Plugin 1.8.1 no longer includes the Windows Remote Command library. A Java runtime is expected to be available on agent machines and WMI Windows Agents Plugin 1.8.1 does not install a JDK automatically otherwise.

(GitHub Advisory)

4.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-30951

GHSA ID

GHSA-p566-wpxx-574m

EPSS Score

0.74815%

CWE

CWE-862

Published

5/18/2022

Updated

1/28/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:windows-slaves	maven	< 1.8.1	1.8.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from the Windows Remote Command library (removed in the patch). Key evidence includes:

The commit removes all references to WindowsRemoteProcessLauncher and associated JDK installation logic
The deleted WindowsRemoteFileSystem/WindowsRemoteLauncher classes handled insecure remote operations
The pre-patch ManagedWindowsServiceLauncher.java explicitly used WindowsRemoteProcessLauncher to execute commands via named pipes
Advisory descriptions match the removed functionality (buffer overflow in pipe communication, lack of access control) The high confidence comes from direct code removal evidence and vulnerability characteristics matching the deleted functionality.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

WMI Win*ows ***nts Plu*in *.* *n* **rli*r in*lu**s t** Win*ows R*mot* *omm*n* li*r*ry. It provi**s * **n*r*l-purpos* r*mot* *omm*n* *x**ution **p**ility t**t J*nkins us*s to ****k i* J*v* is *v*il**l*, *n* i* not, to inst*ll it. T*is li*r*ry **s * *

Reasoning

T** vuln*r**ility st*mm** *rom t** Win*ows R*mot* *omm*n* li*r*ry (r*mov** in t** p*t**). K*y *vi**n** in*lu**s: *. T** *ommit r*mov*s *ll r***r*n**s to Win*owsR*mot*Pro**ssL*un***r *n* *sso*i*t** J*K inst*ll*tion lo*i* *. T** **l*t** Win*owsR*mot**i

4.2

Basic Information

Concerned about an active attack path?

CVE-2022-30951: Missing Authorization in Jenkins WMI Windows Agents plugin

4.2

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI