Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2025
Related Vulnerabilities
CVE-2023-27987 Vulnerability in maven package org.apache.linkis:linkis-cli-application
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2023-39532 Vulnerability in npm package ses
CVE-2020-2120 Vulnerability in maven package org.jenkins-ci.plugins:fitnesse
CVE-2018-3774 Vulnerability in maven package org.webjars.npm:url-parse