CVE-2021-21624: Incorrect Authorization

March 18, 2021 (updated October 25, 2023)

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.

References

nvd.nist.gov/vuln/detail/CVE-2021-21624
www.jenkins.io/security/advisory/2021-03-18/

Detect and mitigate CVE-2021-21624 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →