vulnerability

Jenkins Advisory 2021-01-13: CVE-2021-21604: Improper handling of REST API XML deserialization errors

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:P)

Published

Jan 13, 2021

Added

Dec 2, 2021

Modified

Mar 27, 2026

Description

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.

Solutions

jenkins-lts-upgrade-2_263_2jenkins-upgrade-2_275

References

CVE-2021-21604
https://attackerkb.com/topics/CVE-2021-21604
CWE-502
EUVD-EUVD-2022-5032
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-5032
https://jenkins.io/security/advisory/2021-01-13/

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report