High severity7.5NVD Advisory· Published Mar 10, 2023· Updated Jun 17, 2026
CVE-2023-27901
CVE-2023-27901
Description
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | >= 2.388, < 2.394 | 2.394 |
org.jenkins-ci.main:jenkins-coreMaven | < 2.375.4 | 2.375.4 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.376, < 2.387.1 | 2.387.1 |
Affected products
3- osv-coords2 versions
< 2.394.0+ 1 more
- (no CPE)range: < 2.394.0
- (no CPE)range: >= 2.388, < 2.394
- Range: 2.394
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-h76p-mc68-jv3pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-27901ghsaADVISORY
- www.jenkins.io/security/advisory/2023-03-08/nvdVendor AdvisoryWEB
- github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27901.jsonghsaWEB
- github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08ghsaWEB
News mentions
1- Jenkins Security Advisory 2023-03-08Jenkins Security Advisories · Mar 8, 2023