CVE-2021-21604
HIGH8.0EPSS 0.76%Improper handling of REST API XML deserialization errors in Jenkins
發布日:2022/5/24修改日:2025/4/3
描述
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
受影響套件(2)
- Bitnami/jenkinsfrom 0, < 2.274.1
- Maven/org.jenkins-ci.main:jenkins-corefrom 0, < 2.263.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |