CVE-2021-21604

Description

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.

Risk Information

Base Score: 8.0 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.835

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Jenkins 2.274 | Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.263.2 | Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.275 | Windows
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.263.2 | Linux
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.275 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234