GHSA-r5x3-2446-hrp7

Source

https://github.com/advisories/GHSA-r5x3-2446-hrp7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r5x3-2446-hrp7/GHSA-r5x3-2446-hrp7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r5x3-2446-hrp7

Aliases

CVE-2017-1000503

Published

2022-05-14T03:45:22Z

Modified

2024-03-04T21:34:01.731984Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Race Condition in Jenkins

Details

A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.

Database specific

{
    "nvd_published_at": "2018-01-24T23:29:00Z",
    "cwe_ids": [
        "CWE-362"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-01T21:46:30Z"
}

References

Affected packages

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.81

Fixed

2.89.2

Affected versions

2.*

2.81

2.82

2.83

2.84

2.85

2.86

2.87

2.88

2.89

2.89.1

Database specific

{
    "last_known_affected_version_range": "<= 2.89.1"
}

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.90

Fixed

2.95

Affected versions

2.*

2.90

2.91

2.92

2.93

2.94

Database specific

{
    "last_known_affected_version_range": "<= 2.94"
}