WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-27901 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

Remediation

References

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030

Related Vulnerabilities

CVE-2015-7559 Vulnerability in maven package org.apache.activemq:activemq-core

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_2.13

CVE-2023-35925 Vulnerability in maven package com.fastasyncworldedit:fastasyncworldedit-core

CVE-2011-4367 Vulnerability in maven package org.apache.myfaces.core:myfaces-impl

CVE-2013-4330 Vulnerability in maven package org.apache.camel:camel-core

Severity

High

Classification

CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory