Description
In Jenkins 2.393 and earlier, and LTS 2.375.3 and earlier, hudson.util.MultipartFormDataParser uses the Apache Commons FileUpload library without specifying the limit on the number of request parts that was introduced in version 1.5 of that library for CVE-2023-24998, allowing attackers to trigger a denial of service.