Jenkins Memory Exhaustion Vulnerability

Jenkins Memory Exhaustion Vulnerability

CVE-2021-21607 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.

Learn more about our Web Application Penetration Testing UK.