Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2016-6636 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login
CVE-2021-31404 Vulnerability in maven package com.vaadin:flow-server
CVE-2019-10461 Vulnerability in maven package org.jenkins-ci.plugins:dynatrace-dashboard
CVE-2023-28669 Vulnerability in maven package org.jenkins-ci.plugins:jacoco
CVE-2020-12480 Vulnerability in maven package com.typesafe.play:play_2.12