Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2016-0714 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2020-2207 Vulnerability in maven package org.jenkins-ci.plugins:vncviewer
CVE-2015-0226 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom
CVE-2019-16564 Vulnerability in maven package com.paul8620.jenkins.plugins:pipeline-aggregator-view
CVE-2011-2487 Vulnerability in maven package org.apache.cxf:cxf