CVE-2017-1000394
HIGHJenkins < 2.73.1 and < 2.83 - Denial of Service via Commons-Fileupload Library
Title source: llmDescription
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-10-11/
Scores
CVSS v3
7.5
EPSS
0.0050
EPSS Percentile
66.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (3)
jenkins/jenkins
< 2.73.1
jenkins/jenkins
< 2.83
org.jenkins-ci.main/jenkins-core
0 - 2.73.2Maven
Published
Jan 26, 2018
Tracked Since
Feb 18, 2026