PT-2018-5267 · Jenkins · Jenkins

Daniel Beck

Published

2018-01-24

Updated

2022-05-14

CVE-2017-1000503

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.81 through 2.94

Description A race condition during startup could result in the wrong order of execution of commands during initialization, potentially leading to failure in initializing the setup wizard on the first startup. This issue could cause multiple security-related settings not to be set to their usual strict default.

Recommendations For Jenkins versions 2.81 through 2.94, update to a version outside of this range to ensure proper initialization of security settings.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2017-1000503

GHSA-R5X3-2446-HRP7

Affected Products

Jenkins

PT-2018-5267 · Jenkins · Jenkins

CVE-2017-1000503

Weakness Enumeration

Related Identifiers

Affected Products

References · 6