CVE-2021-21615: Time-of-check Time-of-use (TOCTOU) Race Condition

January 26, 2021 (updated October 25, 2023)

Jenkins allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.

References

nvd.nist.gov/vuln/detail/CVE-2021-21615
www.jenkins.io/security/advisory/2021-01-26/

Code Behaviors & Features

Detect and mitigate CVE-2021-21615 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →