CVE-2023-27900

EPSS 0.1%
Veröffentlicht 10.03.2023 21:15:15
Zuletzt bearbeitet 28.02.2025 19:15:35
Quelle jenkinsci-cert@googlegroups.co
Teams Watchlist Login
Unerledigt Login

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version < 2.375.4

Jenkins ≫ Jenkins SwEdition- Version < 2.394

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.284

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-27900

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27900

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27900

EUVD