Description
Jenkins 2.393 and earlier, and LTS 2.375.3 and earlier, use the Apache Commons FileUpload library in org.kohsuke.stapler.RequestImpl without specifying the limits on the number of request parts that were introduced in version 1.5 for CVE-2023-24998, allowing attackers to trigger a denial of service.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2021-2332 Vulnerability (CVE-2021-2332)
Dolibarr Missing Authorization Vulnerability (CVE-2023-4198)
Envoy Proxy CVE-2023-27487 Vulnerability (CVE-2023-27487)
MediaWiki Improper Input Validation Vulnerability (CVE-2017-0368)
WordPress Plugin WP AutoComplete Search SQL Injection (1.0.4)