CVE-2023-27901

CVSS 7.5 HIGHEPSS 1.0%CWE-770

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

08 Mar 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Jenkins Project · Jenkins

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030