Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.
Remediation
References
Related Vulnerabilities
Django Incorrect Default Permissions Vulnerability (CVE-2019-19118)
WordPress Plugin Portfolio Responsive Gallery SQL Injection (1.1.7)
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295)
SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-24955)