CVE-2023-27901 Information

Description

Jenkins 2.393 and earlier LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl allowing attackers to trigger a denial of service.

Reference

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030