Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2019-10422 Vulnerability in maven package org.ukiuni.callotherjenkins:call-remote-job-plugin
CVE-2018-15685 Vulnerability in maven package org.webjars.npm:electron
CVE-2012-5783 Vulnerability in maven package commons-httpclient:commons-httpclient
CVE-2020-1952 Vulnerability in maven package org.apache.iotdb:iotdb-server
CVE-2021-38555 Vulnerability in maven package org.apache.any23:apache-any23-core