CVE-2023-27900

2023-03-0817:14:49

jenkins

www.cve.org

7.8 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.4%

JSON

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Jenkins",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThan": "*",
        "status": "unaffected",
        "version": "2.394",
        "versionType": "maven"
      },
      {
        "lessThan": "2.375.*",
        "status": "unaffected",
        "version": "2.375.4",
        "versionType": "maven"
      },
      {
        "lessThan": "2.387.*",
        "status": "unaffected",
        "version": "2.387.1",
        "versionType": "maven"
      }
    ]
  }
]