Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oNzZwLW1jNjgtanYzcM4AAyCk
Denial of service in Jenkins Core
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier use the Apache Commons FileUpload library in org.kohsuke.stapler.RequestImpl without specifying a limit on the number of request parts, a limit that Commons FileUpload 1.5 introduced in response to CVE-2023-24998. This allows attackers to trigger a denial of service.
Permalink: https://github.com/advisories/GHSA-h76p-mc68-jv3p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNzZwLW1jNjgtanYzcM4AAyCk
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 4 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-h76p-mc68-jv3p, CVE-2023-27901
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-27901
- https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
- https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27901.json
- https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
- https://github.com/advisories/GHSA-h76p-mc68-jv3p
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 2.376, < 2.387.1; >= 2.388, < 2.394; < 2.375.4
Fixed in: 2.387.1, 2.394, 2.375.4