Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2019-8331 Vulnerability in npm package bootstrap
CVE-2020-9491 Vulnerability in maven package org.apache.nifi:nifi-bootstrap
CVE-2013-2254 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post
CVE-2023-4759 Vulnerability in maven package org.eclipse.jgit:org.eclipse.jgit
CVE-2020-2223 Vulnerability in maven package org.jenkins-ci.main:jenkins-core