WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-27901 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

Remediation

References

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030

Related Vulnerabilities

CVE-2023-49280 Vulnerability in maven package org.xwiki.contrib.changerequest:application-changerequest-default

CVE-2017-5646 Vulnerability in maven package org.apache.knox:gateway

CVE-2017-15010 Vulnerability in maven package org.webjars.npm:tough-cookie

CVE-2020-27178 Vulnerability in maven package org.apereo.cas:cas-server-support-otp-mfa-core

CVE-2018-1000169 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory