CVE-2022-30950: 
Java vulnerability analysis and mitigation

CVE-2022-30950 is a buffer overflow vulnerability discovered in the Windows Remote Command library included in Jenkins WMI Windows Agents Plugin versions 1.8 and earlier. The vulnerability was disclosed on May 17, 2022, affecting the plugin's remote command execution capability that Jenkins uses to check Java availability and installation (Jenkins Advisory).

The vulnerability exists in the Windows Remote Command library, which provides general-purpose remote command execution functionality. The library contains a buffer overflow vulnerability that could be exploited by users who have access to a named pipe. The vulnerability has been assigned a Medium severity rating according to CVSS v3.1 with a base score of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

If exploited, this vulnerability allows users with access to a named pipe to execute commands on the Windows agent machine. The impact is particularly significant as it could lead to unauthorized command execution in the Windows environment (Jenkins Advisory).

The vulnerability has been fixed in WMI Windows Agents Plugin version 1.8.1, which removes the Windows Remote Command library entirely. In the updated version, a Java runtime is expected to be available on agent machines, and the plugin no longer attempts to install JDK automatically. Organizations using affected versions should upgrade to version 1.8.1 immediately (Jenkins Advisory).