PT-2018-5268 · Jenkins · Jenkins

Published 2018-01-24 · Updated 2022-05-14 · CVE-2017-1000504

| CVSS v3.1 | 8.1 (High) |
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions

- Jenkins versions 2.94 and earlier
- Jenkins versions 2.89.1 and earlier
Description
A race condition during Jenkins startup could cause initialization tasks to run in the wrong order, leaving a short window of time after startup in which Cross-Site Request Forgery (CSRF) protection may not be effective.
Recommendations
- For Jenkins versions 2.94 and earlier, update to a version that fixes this issue.
- For Jenkins versions 2.89.1 and earlier, update to a version that fixes this issue.
- As a temporary workaround, consider restricting access to Jenkins during the startup phase until the issue is resolved.
Fix
CSRF
Affected Products
Jenkins