CVE-2023-27901

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.393 and earlier Jenkins LTS versions 2.375.3 and earlier

Description The issue allows attackers to trigger a denial of service by exploiting the Apache Commons FileUpload library without specified limits for the number of request parts in org.kohsuke.stapler.RequestImpl.

Recommendations For Jenkins versions 2.393 and earlier, update to a version that includes the fix for the denial of service issue. For Jenkins LTS versions 2.375.3 and earlier, update to a version that includes the fix for the denial of service issue. As a temporary workaround, consider restricting the number of request parts in the Apache Commons FileUpload library to minimize the risk of exploitation.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BIT-JENKINS-2023-27901

CVE-2023-27901

GHSA-H76P-MC68-JV3P

RHSA-2023:3299

Affected Products

Apache Commons Fileupload

Jenkins

CVE-2023-27901

Weakness Enumeration

Related Identifiers

Affected Products

References · 10