Description

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.

Remediation

References

CVE-2021-21604

Related Vulnerabilities

WordPress Plugin Brizy-Page Builder Security Bypass (1.0.113)

WordPress Plugin Like Button Rating-LikeBtn Security Bypass (2.5.3)

Jenkins Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-43497)

WordPress Plugin ChimpMate-WordPress MailChimp Assistant Local File Inclusion (1.3.2)

YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-27388)

Severity

High

Classification

CVE-2021-21604 CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities