CVE-2021-21679: Cross-Site Request Forgery (CSRF)

May 24, 2022 (updated December 15, 2022)

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

References

www.openwall.com/lists/oss-security/2021/08/31/1
github.com/advisories/GHSA-x77r-7m5w-pqq2
nvd.nist.gov/vuln/detail/CVE-2021-21679
www.jenkins.io/security/advisory/2021-08-31/

Detect and mitigate CVE-2021-21679 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →