Description
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.
Remediation
References
Related Vulnerabilities
Apache Tomcat Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2021-42340)
Oracle JRE CVE-2013-2472 Vulnerability (CVE-2013-2472)
Jetty Insufficient Session Expiration Vulnerability (CVE-2021-34428)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3732)
WordPress Plugin AccessPress Social Icons Multiple Cross-Site Scripting Vulnerabilities (1.5.5)