Description
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
Remediation
References
Related Vulnerabilities
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)
WordPress Plugin Kadence WooCommerce Email Designer PHP Object Injection (1.5.6)
Drupal CVE-2020-28949 Vulnerability (CVE-2020-28949)
WordPress Plugin Countdown and CountUp, WooCommerce Sales Timer Cross-Site Request Forgery (1.5.7)