Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2022-41246 Vulnerability in maven package org.jenkins-ci.plugins:ws-execution-manager
CVE-2022-4492 Vulnerability in maven package io.undertow:undertow-core
CVE-2020-17518 Vulnerability in maven package org.apache.flink:flink-runtime_2.11
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.13
CVE-2017-2612 Vulnerability in maven package org.jenkins-ci.main:jenkins-core