1. Home
  2. Vulnerabilities
  3. CVE-2017-1000503

CVE-2017-1000503

CVSS v3.0 8.1 (High)
81% Progress
CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 0.26 % (66th)
0.26% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.

Weaknesses
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-01-24 23:29:00
(6 years ago)
Updated Date
2018-02-12 16:08:35
(6 years ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins from 2.81 version and 2.94 and prior versions cpe:2.3:a:jenkins:jenkins >= 2.81 <= 2.94
  Jenkins 2.89.1 cpe:2.3:a:jenkins:jenkins:2.89.1:*:*:*:lts