CVE-2017-1000503 — Race Condition in Jenkins

CWE-362 — Race Condition6 documents6 sources

Severity

8.1HIGHNVD

EPSS

2.7%

top 13.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Jenkins Core Jenkins LTS

Timeline

PublishedJan 24

Latest updateMay 14

Description

A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶NVDjenkins/jenkins2.81 — 2.94+1

▶jenkinsjenkins/jenkins_lts

▶jenkinsjenkins/jenkins_core

🔴Vulnerability Details

GHSA

Race Condition in Jenkins↗2022-05-14

▶

OSV

Race Condition in Jenkins↗2022-05-14

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2017-12-14↗2017-12-14

▶

Red Hat

jenkins: Race condition during startup can result in default security settings not being applied↗2017-12-14

▶

💬Community

Bugzilla

CVE-2017-1000503 jenkins: Race condition during startup can result in default security settings not being applied↗2018-01-29

▶