CVE-2021-21639: Improper Input Validation

April 7, 2021 (updated October 25, 2023)

Jenkins does not validate the type of object created after loading the data submitted to the config.xml REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.

References

nvd.nist.gov/vuln/detail/CVE-2021-21639
www.jenkins.io/security/advisory/2021-04-07/

Detect and mitigate CVE-2021-21639 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →