1. Home
  2. Vulnerabilities
  3. CVE-2023-27901

CVE-2023-27901

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.09 % (37th)
0.09% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

Weaknesses
CWE-770
Allocation of Resources Without Limits or Throttling
Related CVEs
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2023-03-10 21:15:15
(18 months ago)
Updated Date
2023-03-16 15:54:28
(18 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins prior 2.375.4 version cpe:2.3:a:jenkins:jenkins::*:*:*:lts < 2.375.4
  Jenkins prior 2.394 version cpe:2.3:a:jenkins:jenkins::*:*:*:- < 2.394