Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Related Vulnerabilities
CVE-2020-2228 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth
CVE-2016-0709 Vulnerability in maven package org.apache.portals.jetspeed-2:j2-admin
CVE-2023-24444 Vulnerability in maven package org.jenkins-ci.plugins:openid
CVE-2019-10445 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine
CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_3