CVE-2017-1000503
HIGHJenkins 2.81-2.94 and 2.89.1 - Race Condition during Initialization
Title source: llmDescription
A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-12-14/
Scores
CVSS v3
8.1
EPSS
0.0274
EPSS Percentile
86.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
Status
published
Products (3)
jenkins/jenkins
2.89.1
jenkins/jenkins
2.81 - 2.94
org.jenkins-ci.main/jenkins-core
2.81 - 2.89.2Maven
Published
Jan 24, 2018
Tracked Since
Feb 18, 2026