Allocation of Resources Without Limits or Throttling Affecting jenkins package, versions <2.395-r0
- Snyk ID SNYK-WOLFILATEST-JENKINS-5847236
- published 21 Aug 2023
- disclosed 20 Feb 2023
Introduced: 20 Feb 2023
CVE-2023-24998
How to fix?
Upgrade Wolfi jenkins to version 2.395-r0 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream jenkins package and not the jenkins package as distributed by Wolfi. See How to fix? for Wolfi relevant fixed versions and status.
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.