Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2023-29516 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui
CVE-2022-24785 Vulnerability in maven package org.webjars.bowergithub.moment:moment
CVE-2021-33829 Vulnerability in npm package ckeditor4
CVE-2016-5393 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2014-0094 Vulnerability in maven package org.apache.struts:struts2-core