Jenkins 2.393 and earlier, LTS 2.375.3 and earlier use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service. https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.13 Via RHSA-2023:3299 https://access.redhat.com/errata/RHSA-2023:3299
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-27901