Description

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.

Remediation

References

https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923

Related Vulnerabilities

CVE-2016-6636 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login

CVE-2021-31404 Vulnerability in maven package com.vaadin:flow-server

CVE-2019-10461 Vulnerability in maven package org.jenkins-ci.plugins:dynatrace-dashboard

CVE-2023-28669 Vulnerability in maven package org.jenkins-ci.plugins:jacoco

CVE-2020-12480 Vulnerability in maven package com.typesafe.play:play_2.12

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Vendor Advisory