vulnerability
FreeBSD: VID-7136e6b7-e1b3-11e7-a4d3-000c292ee6b8: jenkins -- Two startup race conditions
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | Dec 15, 2017 | Dec 10, 2025 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
Dec 15, 2017
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
The Jenkins project reports: A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization. On Jenkins 2.81 and newer, including LTS 2.89.1, this could in rare cases (we estimate less than 20% of new instances) result in failure to initialize the setup wizard on the first startup. There is a very short window of time after startup during which Jenkins may no longer show the "Please wait while Jenkins is getting ready to work" message, but Cross-Site Request Forgery (CSRF) protection may not yet be effective.
Solutions
freebsd-upgrade-package-jenkinsfreebsd-upgrade-package-jenkins-lts
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.