Jenkins Old Data Monitor Injection Vulnerability

Jenkins Old Data Monitor Injection Vulnerability

CVE-2021-21604 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.

Learn more about our Web Application Penetration Testing UK.