CVE-2023-27901
PUBLISHED
Jenkins LTS 2.375.3 and earlier uses the Apache Commons FileUpload library in org.kohsuke.stapler.RequestImpl without specifying limits for the number of request parts, a setting introduced in version 1.5 of that library for CVE-2023-24998, allowing attackers to trigger a denial of service.
Risk Scores
EPSS Score: 0.62% (70.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-27901 (circl-sighting)
- Jenkins Security Advisory 2023-03-08 (circl)
Timeline
- Mar 8, 2023 CVE Published
- Mar 9, 2023 EPSS Score
- Mar 11, 2023 PoC Published
- Apr 17, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 4, 2023 EPSS Score
- Aug 12, 2023 EPSS Score
- Sep 19, 2023 EPSS Score
- Oct 28, 2023 EPSS Score
- Dec 6, 2023 EPSS Score
- Feb 22, 2024 EPSS Score
- Apr 1, 2024 EPSS Score