Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923
Source: MITRE
Published: 2021-01-13
Updated: 2021-01-15
Type: CWE-502
Base Score: 6
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 6.8
Severity: MEDIUM
Base Score: 8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.1
Severity: HIGH