Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2019-10376 Vulnerability in maven package org.jenkins-ci.plugins:jenkinswalldisplay
CVE-2023-39685 Vulnerability in maven package org.hjson:hjson
CVE-2019-16563 Vulnerability in maven package tech.andrey.jenkins:mission-control-view
CVE-2015-0254 Vulnerability in maven package org.apache.taglibs:taglibs-standard-impl
CVE-2012-5575 Vulnerability in maven package org.apache.cxf:cxf-bundle