CVE-2021-21697: Incomplete List of Disallowed Inputs

November 4, 2021 (updated November 3, 2023)

Jenkins allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

References

www.openwall.com/lists/oss-security/2021/11/04/3
nvd.nist.gov/vuln/detail/CVE-2021-21697
www.jenkins.io/security/advisory/2021-11-04/

Detect and mitigate CVE-2021-21697 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →