Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2023-44981 Vulnerability in maven package org.apache.zookeeper:zookeeper
CVE-2009-0781 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2021-31811 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2023-36477 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-ui
CVE-2010-1244 Vulnerability in maven package org.apache.activemq:activemq-web