CVE-2017-1000503

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-1000503

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000503.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000503

Aliases

GHSA-r5x3-2446-hrp7

Published

2018-01-24T23:29:00Z

Modified

2024-09-03T01:35:58.526250Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.

References

https://jenkins.io/security/advisory/2017-12-14/

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/jenkins
Events: Last affected

2fa723b1ee4ba09d087877a7efc89245c6ca4c65

Introduced

a63bbbefbaa245c406e968fa5f44763f0622206c

Last affected

a4608a21ced998f1da374961bc3d7537c9c35b0b

Affected versions

jenkins-2.*

jenkins-2.46.2

jenkins-2.46.3

jenkins-2.60.1

jenkins-2.60.2

jenkins-2.60.3

jenkins-2.73.1

jenkins-2.73.2

jenkins-2.81

jenkins-2.82

jenkins-2.83

jenkins-2.84

jenkins-2.85

jenkins-2.86

jenkins-2.87

jenkins-2.88

jenkins-2.89

jenkins-2.89.1