Jenkins 2.393 and earlier, and LTS 2.375.3 and earlier, use the Apache Commons FileUpload library in hudson.util.MultipartFormDataParser without specifying the limits for the number of request parts that were introduced in version 1.5 for CVE-2023-24998, allowing attackers to trigger a denial of service.
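The missing limit described above, shown as an added example that is not Jenkins code or its fix: a Commons FileUpload 1.5 parser left at its defaults beside one that caps the number of request parts. The class name `BoundedMultipartParser` and the limit values are assumptions chosen for illustration; the example assumes the `javax.servlet` API on the classpath.

```java
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.fileupload.FileCountLimitExceededException;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

/** Hypothetical helper; not part of Jenkins or Commons FileUpload. */
public final class BoundedMultipartParser {
    // Constructed limits; size them to the largest form the application really serves.
    private static final long MAX_PARTS = 100;
    private static final long MAX_PART_BYTES = 10L * 1024 * 1024;
    private static final long MAX_REQUEST_BYTES = 50L * 1024 * 1024;

    /** Before: no limits are set, so the part count stays at its default of -1 (unlimited). */
    static List<FileItem> parseUnbounded(HttpServletRequest request)
            throws FileUploadException {
        ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory());
        return upload.parseRequest(request);
    }

    /** After: the parser stops as soon as the request exceeds MAX_PARTS parts. */
    static List<FileItem> parseBounded(HttpServletRequest request)
            throws FileUploadException {
        if (!ServletFileUpload.isMultipartContent(request)) {
            throw new FileUploadException("not a multipart request");
        }
        ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory());
        upload.setFileCountMax(MAX_PARTS);       // limit added in FileUpload 1.5
        upload.setFileSizeMax(MAX_PART_BYTES);   // per-part size cap
        upload.setSizeMax(MAX_REQUEST_BYTES);    // whole-request size cap
        try {
            return upload.parseRequest(request);
        } catch (FileCountLimitExceededException e) {
            // Record the rejection so repeated oversized requests are visible to operators.
            System.err.printf("multipart rejected: more than %d parts from %s%n",
                    e.getLimit(), request.getRemoteAddr());
            throw e;
        }
    }

    private BoundedMultipartParser() { }
}
```

Upgrading the library to 1.5 alone does not enable the part-count limit; the calling code has to set it, which is the gap this entry describes.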
This issue has been addressed in the following products:
OpenShift Developer Tools and Services for OCP 4.13
Via RHSA-2023:3299 https://access.redhat.com/errata/RHSA-2023:3299
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):