Improper Access Control Affecting org.jenkins-ci.plugins:windows-slaves package, versions [,1.8.1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.09% (39th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Improper Access Control vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-JAVA-ORGJENKINSCIPLUGINS-6041265
  • published2 Nov 2023
  • disclosed25 Oct 2023
  • creditKalle Niemitalo

Introduced: 25 Oct 2023

CVE-2022-30951  (opens in a new tab)
CWE-284  (opens in a new tab)

How to fix?

Upgrade org.jenkins-ci.plugins:windows-slaves to version 1.8.1 or higher.

Overview

Affected versions of this package are vulnerable to Improper Access Control in the Windows Remote Command library. Attackers can potentially start processes even if they're not allowed to log in by exploiting the lack of implemented access control.

CVSS Scores

version 3.1