Unrestricted Request Parts in Jenkins LTS Versions Prior to 2.375.3 and Jenkins Versions Prior to 2.393

CVE-2023-27901 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Jenkins 2.393 and earlier, and LTS 2.375.3 and earlier, use the Apache Commons FileUpload library in org.kohsuke.stapler.RequestImpl without specifying the limit on the number of request parts that was introduced in version 1.5 of that library for CVE-2023-24998, allowing attackers to trigger a denial of service.