CVE-2021-21621: Information Exposure

February 24, 2021 (updated October 25, 2023)

Jenkins Support Core Plugin provides the serialized user authentication as part of the “About user (basic authentication details only)” information, which can include the session ID of the user creating the support bundle in some configurations.

References

nvd.nist.gov/vuln/detail/CVE-2021-21621
www.jenkins.io/security/advisory/2021-02-24/

Detect and mitigate CVE-2021-21621 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →