CVE-2023-27900 Information

Mar 11, 2023 cve

Description

Jenkins 2.393 and earlier LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser allowing attackers to trigger a denial of service.

Reference

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030

Share on: