PT-2023-21407 · Apache+1 · Apache Commons Fileupload+1

Jakob Ackermann

Publicado

2023-03-08

Atualizado

2025-02-28

CVE-2023-27901

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.393 and earlier Jenkins LTS versions 2.375.3 and earlier

Description The issue allows attackers to trigger a denial of service by exploiting the Apache Commons FileUpload library without specified limits for the number of request parts in org.kohsuke.stapler.RequestImpl.

Recommendations For Jenkins versions 2.393 and earlier, update to a version that includes the fix for the denial of service issue. For Jenkins LTS versions 2.375.3 and earlier, update to a version that includes the fix for the denial of service issue. As a temporary workaround, consider restricting the number of request parts in the Apache Commons FileUpload library to minimize the risk of exploitation.

Exploit

Correção

DoS

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

BIT-JENKINS-2023-27901

CVE-2023-27901

GHSA-H76P-MC68-JV3P

RHSA-2023:3299

Produtos afetados

Apache Commons Fileupload

Jenkins

PT-2023-21407 · Apache+1 · Apache Commons Fileupload+1

CVE-2023-27901

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10