Description
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2017-10-11/
Related Vulnerabilities
CVE-2020-6422 Vulnerability in maven package org.webjars.npm:electron
CVE-2019-16571 Vulnerability in maven package org.jenkins-ci.plugins:rapiddeploy-jenkins
CVE-2017-2601 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2017-2648 Vulnerability in maven package org.jenkins-ci.plugins:ssh-slaves
CVE-2023-25764 Vulnerability in maven package org.jenkins-ci.plugins:email-ext