Description
Jenkins 2.274 and earlier, and LTS 2.263.1 and earlier, do not limit the sizes provided as query parameters to graph-rendering URLs. This allows attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out-of-memory errors.
Remediation
References