Home

CVE-2017-1000394

Description

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.5

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Jenkins 2.83Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.73.2Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.84Windows
Multiple vulnerabilities affected in Jenkins 2.83 (For Ubuntu)Linux
Multiple vulnerabilities affected in Jenkins 2.83 (For Debian)Linux
Multiple vulnerabilities affected in Jenkins 2.83 (For Centos)Linux
Multiple vulnerabilities affected in Jenkins 2.83 (For RedHat)Linux
Multiple vulnerabilities affected in Jenkins 2.83 (For Suse)Linux
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.73.2Linux
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.84Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234