CVE-2021-21690: Protection Mechanism Failure

November 4, 2021 (updated November 22, 2023)

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins.

References

nvd.nist.gov/vuln/detail/CVE-2021-21690
www.jenkins.io/security/advisory/2021-11-04/

Detect and mitigate CVE-2021-21690 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →