GSA_kwCzR0hTQS1oNzZwLW1jNjgtanYzcM4AAyCk

High EPSS: 0.00111% (0.30492 Percentile) EPSS:

Permalink JSON

Denial of service in Jenkins Core

Affected Packages	Affected Versions	Fixed Versions
maven:org.jenkins-ci.main:jenkins-core	>= 2.376, < 2.387.1, >= 2.388, < 2.394, < 2.375.4	2.387.1, 2.394, 2.375.4

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-27901
https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27901.json
https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
https://github.com/advisories/GHSA-h76p-mc68-jv3p

Identifiers

GHSA-h76p-mc68-jv3p

CVE-2023-27901

Risk

Severity

High

EPSS

EPSS Percentage: 0.00111

EPSS Percentile: 0.30492

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/CVEProject/cvelist

Date and time

Published

over 2 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories