CVE-2021-21678: Protection Mechanism Failure

August 31, 2021 (updated November 22, 2023)

Jenkins SAML Plugin allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

References

nvd.nist.gov/vuln/detail/CVE-2021-21678
www.jenkins.io/security/advisory/2021-08-31/

Detect and mitigate CVE-2021-21678 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →