WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-27901 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

Remediation

References

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030

Related Vulnerabilities

CVE-2016-0781 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login

CVE-2017-2598 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-16023 Vulnerability in npm package electron

CVE-2022-32533 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed

CVE-2015-5346 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

Severity

High

Classification

CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory