CVE-2021-21604

Name
CVE-2021-21604
Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* jenkins >= None <= 2.263.1
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:* jenkins >= None <= 2.274

Vulnerable and fixed packages

Source package Branch Version Maintainer Status