Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2013-2055 Vulnerability in maven package org.apache.wicket:wicket-core
CVE-2020-9486 Vulnerability in maven package org.apache.nifi:nifi-security-utils
CVE-2023-25571 Vulnerability in npm package @backstage/catalog-model
CVE-2017-5645 Vulnerability in maven package org.apache.logging.log4j:log4j
CVE-2012-0022 Vulnerability in maven package tomcat:tomcat-util