CVE-2023-27900

Published: 10/03/2023 Updated: 16/03/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Jenkins 2.393 and previous versions, and LTS 2.375.3 and previous versions, use the Apache Commons FileUpload library in hudson.util.MultipartFormDataParser without specifying the limit on the number of request parts that was introduced in version 1.5 of the library for CVE-2023-24998, allowing malicious users to trigger a denial of service.

Vulnerable Product

jenkins jenkins

Vendor Advisories

Synopsis: Important: jenkins and jenkins-2-plugins security update
Type/Severity: Security Advisory: Important
Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...

Description: The MITRE CVE dictionary describes this issue as: Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service ...