WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-27901 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

Remediation

References

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030

Related Vulnerabilities

CVE-2015-1836 Vulnerability in maven package org.apache.hbase:hbase-client

CVE-2021-33604 Vulnerability in maven package com.vaadin:flow-server

CVE-2022-34192 Vulnerability in maven package org.jenkins-ci.plugins:ontrack

CVE-2012-5575 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security

CVE-2018-1000997 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory