Vulnerability & Exploit Database

Back to search

Jenkins Advisory 2017-12-14: Random failures to initialize the setup wizard on startup

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) December 18, 2017 December 18, 2017 December 18, 2017

Description

A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization.On Jenkins 2.81 and newer, including LTS 2.89.1, this could in rare cases (we estimate less than 20% of new instances) result in failure to initialize the setup wizard on the first startup. This resulted in the following security settings not being set to their usual strict default:Affected instances need to be configured to restrict access.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

jenkins-lts-upgrade-2_81