CVE-2017-1000503

HIGH8.1EPSS 2.7%

Race Condition in Jenkins

Published: 5/14/2022Modified: 3/4/2024

Description

A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.

Affected packages (1)

Maven/org.jenkins-ci.main:jenkins-core>= 2.81, < 2.89.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.1	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000503
PATCHhttps://github.com/jenkinsci/jenkins
WEBhttps://github.com/jenkinsci/jenkins/commit/ccc374a7176d7704941fb494589790b7673efe2
WEBhttps://jenkins.io/security/advisory/2017-12-14