CVE-2021-21604
maven/org.jenkins-ci.main/jenkins-core
Deserialization of Untrusted Data
Jenkins allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
All versions after 2.263.1 up to 2.274
Unfortunately, there is no solution available yet.
2021-01-18
source |