CGA-hpv8-j7j6-3f2c

Data serialization is performed by the Jenkins framework, nothing specific to this application. This CVE is disputed by upstream developers: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417

According to the mvn dependency tree, the vulnerable code is present in the codebase and a part of the spring-security-web package. To be able to mitigate this vulnerability, the spring-security-web package needs to be updated to version at least 6.1.17 (https://mvnrepository.com/artifact/org.springframework.security/spring-security-web/6.1.7) or 6.2.2 (https://mvnrepository.com/artifact/org.springframework.security/spring-security-web/6.2.2). That kind of change can cause incompatibility issues with the current codebase, so we cannot apply patches since it requires some code changes. The best way to mitigate this vulnerability is to update the jenkins version to at least 2.446 or later (https://www.jenkins.io/changelog/#v2.446).